OK, I fixed this in GERONIMO-2763 in trunk.

Everyone will need to get the newest jacc 1.1 snapshot I pushed for the new web-2.5-builder test to pass.

I haven't looked into what is necessary to fix the jacc 1.0 spec jar.... maybe dain can help with this (I'm unsure what the correct process for modifying this would be)

thanks
david jencks

On Jan 20, 2007, at 3:06 AM, anita kulshreshtha wrote:

  This was reported in https://issues.apache.org/jira/browse/GERONIMO-1585#action_12436703
   Please note that the presence/absence of an authorization constraint
and a role (same or different) in the second security constraint does
not make any difference.

Thanks
Anita

--- David Jencks <[EMAIL PROTECTED]> wrote:

It looks to me as if it should be allowed.  What is the error?

thanks
david jencks

On Jan 19, 2007, at 7:41 PM, anita kulshreshtha wrote:

   We do not allow this combination of URL patterns in
web-resource-collection. This is in line with JACC
http://java.sun.com/j2ee/1.4/docs/api/javax/security/jacc/WebResourcePermission.html

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin Role</web-resource-name>
            <url-pattern>*.do</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>content-administrator</role-name>
        </auth-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Unrestricted ACCESS</web-resource-name>
            <url-pattern>/login.do</url-pattern>
        </web-resource-collection>
    </security-constraint>

    The following url-patterns are allowed with *.do:
     - /login/*, /login.do/*, i.e. path prefix patterns
     - login.do, i.e. exact patterns matching *.do
     - login.do/, login.do/*
    Does anyone know why the above web.xml fragment should or should
not be allowed?

Thanks
Anita




