-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Manuel,
On 4/12/2010 4:38 PM, aldana wrote: > This is counterintuitive, I would still expect 'admin' to access all > ressources, because it has /* wildcard. > > After debugging tomcat confirms, adding constraints is side-effecting > exististing constraints. > > When reading the servlet specification SRV.12.8.1 it mentions an union > operation of multiple <security-constraint>. But to me above behaviour looks > more like a difference operation (the 2nd security constraint is removing a > right from the 1st one). Re-read those sections: it says that constraints are combined when they have the same pattern and method. You have different patterns, so the will not be combined. There's a great example right there in the text that demonstrates this. What version of the spec are you reading? In mine (v2.5 MR6), the relevant section is 12.7.1, not 12.8.1. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvDihMACgkQ9CaO5/Lv0PAqHACfSjs0H+q2x/Bu2a2BBegeOxc9 sIgAoILDz5M5H80k1ST5SHec8IhzpoQ2 =6Uys -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org