-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gregor,
On 2/26/2009 9:59 AM, Gregor Schneider wrote: > This looks a bit awkward to me (didn't know that this is possible), > but I guess that's not the reason for your problem: > > <role-name>*</role-name> This is fine. From the servlet spec SRV.13.3: " The auth-constraintType indicates the user roles that should be permitted access to this resource collection. The role-name used here must either correspond to the role-name of one of the security-role elements defined for this web application, or be the specially reserved role-name "*" that is a compact syntax for indicating all roles in the web application. If both "*" and rolenames appear, the container interprets this as all roles. If no roles are defined, no user is allowed access to the portion of the web application described by the containing security-constraint. The container matches role names case sensitively when determining access. " In this context, it means "any authenticated user is authorized, regardless of role". - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmm5NQACgkQ9CaO5/Lv0PC2BgCgr/wdxfLd7z0Vhzqb60x1BCaN fxIAoJDD0oWvU27WN6mrnHVsGlMpMYhh =foxl -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org