Sorry sorry, <web-resource-name> elements are unique, just a copying error.
-----Original Message----- From: Alexander Vavilin [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 10:33 PM To: Tomcat Users List Subject: Re: url-pattern and realms security Hello Colin, I am not sure, but I think you cannot do this, first an <web-resource-name> element means an UNIQUE name. Can you understand ? You must give it different names. Second thing, I never heard about <http-method> element. Hope it will help. -- Best regards, Alexander mailto:[EMAIL PROTECTED] Friday, August 15, 2003, 1:38:17 AM, you wrote: MC> So I looked at the servlet spec, but it doesn't specify (as far as I MC> read) how hierarchical security constraints should work and Tomcat MC> 4.1.27 seems to not do hiarachical constraints :) Also searching MC> the list I didn't turn up results of this type, although I swear MC> I've seen this issue before... MC> I want to secure "/*" with a standard role and then "/stuff1" with MC> another role and "/stuff2" with yet another role. MC> So I put in the web.xml: MC> <security-constraint> MC> <web-resource-collection> MC> <web-resource-name>General Secured content root</web-resource-name> MC> <url-pattern>/*</url-pattern> MC> <http-method>GET</http-method> MC> <http-method>POST</http-method> MC> </web-resource-collection> MC> <auth-constraint> MC> <role-name>standard</role-name> MC> </auth-constraint> MC> </security-constraint> MC> <security-constraint> MC> <web-resource-collection> MC> <web-resource-name>General Secured content root</web-resource-name> MC> <url-pattern>/stuff1</url-pattern> MC> <http-method>GET</http-method> MC> <http-method>POST</http-method> MC> </web-resource-collection> MC> <auth-constraint> MC> <role-name>usertype1</role-name> MC> </auth-constraint> MC> </security-constraint> MC> <security-constraint> MC> <web-resource-collection> MC> <web-resource-name>General Secured content root</web-resource-name> MC> <url-pattern>/stuff2</url-pattern> MC> <http-method>GET</http-method> MC> <http-method>POST</http-method> MC> </web-resource-collection> MC> <auth-constraint> MC> <role-name>usertype2</role-name> MC> </auth-constraint> MC> </security-constraint> MC> But the second two seem to be overriden by the first. (A link on a MC> WebLogic site shows the above to work, but I don't have WebLogic) MC> Is this known behavior or did I miss something? MC> -------------------------------------------------------------------- MC> - MC> To unsubscribe, e-mail: [EMAIL PROTECTED] MC> For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]