For the benefit of the original poster: If you don't specify any http-methods for the web-resource-collection, the default behavior is that all methods are protected. If you specify one or more http-methods, the behavior is that those specified are protected, and any that are not specified are not protected.
Rebeccah -----Original Message----- From: Edson Carlos Ericksson Richter [mailto:edsonrich...@hotmail.com] Sent: Wednesday, October 20, 2010 2:15 PM To: users@tomcat.apache.org Subject: Re: Securing A Directory Listing Sure, there are more HTTP methods that someone would want to protect from. Thanks for pointing out. Regards, Edson. Em 20/10/2010 18:51, Mark Thomas escreveu: > On 20/10/2010 15:09, Edson Carlos Ericksson Richter wrote: >> <web-resource-collection> >> <web-resource-name>Secure Area</web-resource-name> <description/> >> <url-pattern>/mysecurearea</url-pattern> >> <http-method>GET</http-method> >> </web-resource-collection> > Bad advice. Don't put the http-method in there. > > Mark > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ------------------------------------------ The contents of this message, together with any attachments, are intended only for the use of the person(s) to which they are addressed and may contain confidential and/or privileged information. Further, any medical information herein is confidential and protected by law. It is unlawful for unauthorized persons to use, review, copy, disclose, or disseminate confidential medical information. If you are not the intended recipient, immediately advise the sender and delete this message and any attachments. Any distribution, or copying of this message, or any attachment, is prohibited. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
