incorrect behaviour of security-constraint configuration in web.xml 
--------------------------------------------------------------------

                 Key: GERONIMO-5578
                 URL: https://issues.apache.org/jira/browse/GERONIMO-5578
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: Tomcat
    Affects Versions: 3.0
            Reporter: Han Hong Fang
            Assignee: Han Hong Fang


With the following configuration in web.xml, GET and POST can be accessed by 
both "RoleA" and "RoleB".

<security-constraint>
    <web-resource-collection>
        <web-resource-name>resource2</web-resource-name>
        <url-pattern>/SampleServlet2</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>RoleA</role-name>
    </auth-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>resource3</web-resource-name>
        <url-pattern>/SampleServlet2</url-pattern>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>RoleB</role-name>
    </auth-constraint>
</security-constraint>



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
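
An added example, not part of the report or of Geronimo's code: a small Python check that applies the Servlet specification's rules for combining security constraints, so the per-method roles expected for the configuration above can be compared with what the container actually enforces. It assumes exact-match url-patterns only and ignores http-method-omission and the `*` role name; the function and helper names are hypothetical, and the `<web-app>` wrapper is added for parsing.

```python
import xml.etree.ElementTree as ET

# Constraints from the report; the <web-app> wrapper is added for parsing.
WEB_XML = """<web-app>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>resource2</web-resource-name>
    <url-pattern>/SampleServlet2</url-pattern>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>RoleA</role-name></auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>resource3</web-resource-name>
    <url-pattern>/SampleServlet2</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>RoleB</role-name></auth-constraint>
</security-constraint>
</web-app>"""

def _kids(elem, name):
    # Match on local name so namespaced web.xml files parse as well.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):
    return [(c.text or "").strip() for c in _kids(elem, name)]

def allowed_roles(web_xml, url, method):
    """Roles required for (url, method): a set of names, an empty set when
    access is denied to all, or None when no role is required."""
    roles, deny, open_access = set(), False, False
    for sc in _kids(ET.fromstring(web_xml), "security-constraint"):
        # An absent <http-method> list means the collection covers all methods.
        if not any(url in _texts(w, "url-pattern")
                   and method in (_texts(w, "http-method") or [method])
                   for w in _kids(sc, "web-resource-collection")):
            continue
        auth = _kids(sc, "auth-constraint")
        names = set(_texts(auth[0], "role-name")) if auth else set()
        if not auth:
            open_access = True   # no auth-constraint: no role required
        elif not names:
            deny = True          # empty auth-constraint: nobody allowed
        else:
            roles |= names       # constraints on the same method union
    if deny:
        return set()
    return roles if roles and not open_access else None
```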
