"Alan Chandler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Thursday 09 February 2006 04:05, Bill Barker wrote: >> "Alan Chandler" <[EMAIL PROTECTED]> wrote in message >> news:[EMAIL PROTECTED] > ... >> This works correctly in TC 5.x. You need to reverse the order for TC >> 4.1.x >> (this is due to a change in the respective versions of the servlet spec >> they implement). >> >> > <security-constraint> >> > <web-resource-collection> >> > <web-resource-name> >> > Valid Users >> > </web-resource-name> >> > <url-pattern> /* </url-pattern> >> > </web-resource-collection> >> > <auth-constraint> >> > <role-name>*</role-name> >> > </auth-constraint> >> > </security-constraint> >> > >> > <security-constraint> >> > <web-resource-collection> >> > <web-resource-name> >> > Site Admin >> > </web-resource-name> >> > <url-pattern> /admin/* </url-pattern> >> > </web-resource-collection> >> > <auth-constraint> >> > <role-name>admin</role-name> >> > </auth-constraint> >> > </security-constraint> >> > > Since I am doing everything for TC 4.1.3 (Debian Stable) and just to be > clear, > do you mean the following (ie swapping round the security-constraints) > > <security-constraint> > <web-resource-collection> > <web-resource-name> > Site Admin > </web-resource-name> > <url-pattern> /admin/* </url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > </auth-constraint> > </security-constraint> > <security-constraint> > <web-resource-collection> > <web-resource-name> > Valid Users > </web-resource-name> > <url-pattern> /* </url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>*</role-name> > </auth-constraint> > </security-constraint> > > Otherwise thank you very much that was very clear.
Yes. TC 4.1.x does a first-match on <security-constraint>s (since the 2.3 servlet spec doesn't specify otherwise), so you need to have your longest patterns first. > -- > Alan Chandler > http://www.chandlerfamily.org.uk > Open Source. It's the difference between trust and antitrust. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]