André Warnier wrote:
Jason Royals wrote:
Thanks for the advice, but I think <security-role-ref> is only valid
within the context of a <servlet> element though?
I have not checked, but are you sure ? Is it not at the level of the
web-app ? If so, it would apply to everything belonging to that webapp,
whether filters, servlets, jsp's, whatnot.
Now I have checked..
More precisely, it seems from the Servlet Spec, that all which concerns
AAA applies in fact to "URLs" and/or "methods". It seems thus
definitely independent from servlets, filters, jsps etc..
Now since these constraints are defined within a context's deployment
descriptor (web.xml), I would imagine that whatever URL's are specified
in the security section apply within the context of that webapp.
I you get what I mean.
Note that the above is basically a personal exercise in comprehending
the Servlet Spec, so it would not be bad if one of the gurus commented
on this..
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org