Hello, More of a servlet spec question than a tomcat one, and, from what I read, a rather long shot, but is there a way to define auth-constraint dynamically in web.xml?
For instance I'd like to have the following <security-constraint> <display-name></display-name> <web-resource-collection> <web-resource-name></web-resource-name> <url-pattern>/something/(.*)/someotherthing</url-pattern> <http-method>PUT</http-method> <http-method>POST</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint> <role-name>\1_something</role-name> </auth-constraint> </security-constraint> <security-role> <role-name>*_something</role-name> </security-role> with \1 being the (.*) in url-pattern ? I know I can do it programmatically with something like request.isUserInRole(). But I would like to define all the webapp security in another place than in code (if only not to forget anything :) ). I don't know if it relevant but I'm using tomcat 6.0.36 at the moment on Windows 2003 with jdk 1.6_0.37. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org