Thank you Romain! I didn't notice that.
What about keeping /* secured and then overriding it for /ejb/* with a second constraint that has no <auth-constraint>, so that path stays public?
Something like...
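<!-- Deny by default: every URL in this webapp requires the tomee-admin role. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Application</web-resource-name>
    <!-- No <http-method> is listed, so the constraint applies to every HTTP method. -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>tomee-admin</role-name>
  </auth-constraint>
</security-constraint>
<!-- Carve-out: /ejb/* is reachable without authentication.
     A security-constraint with NO <auth-constraint> element means "permit everyone".
     Do NOT write an empty <auth-constraint/> here: that means "permit nobody".
     NOTE(review): this relies on the container selecting the most specific
     (longest) path-prefix match, so /ejb/* wins over /*; confirm against the
     container's constraint matching before relying on it. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Server EJB</web-resource-name>
    <url-pattern>/ejb/*</url-pattern>
  </web-resource-collection>
</security-constraint>
<!-- NOTE(review): the quoted web.xml uses BASIC auth, which sends credentials
     with every request; a <user-data-constraint> with CONFIDENTIAL on the
     secured collection is worth considering if the app is reachable over plain HTTP. -->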
[]s,
Thiago.
On Sun, Jun 10, 2012 at 1:14 PM, <[email protected]> wrote:
> Author: rmannibucau
> Date: Sun Jun 10 17:14:20 2012
> New Revision: 1348626
>
> URL: http://svn.apache.org/viewvc?rev=1348626&view=rev
> Log:
> security in web.xml should be done by url and not globally using /* since
> /ejb/* shouldn't be secured by default
>
> Modified:
> openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
>
> Modified:
> openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
> URL:
> http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml?rev=1348626&r1=1348625&r2=1348626&view=diff
>
> ==============================================================================
> ---
> openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
> (original)
> +++
> openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
> Sun Jun 10 17:14:20 2012
> @@ -190,22 +190,150 @@
>
> <!--
> **************************************************************************************
> -->
>
> - <!-- basic security to replace context.xml and allow remote accesses
> -->
> - <security-constraint>
> - <web-resource-collection>
> - <web-resource-name>Admin Installer</web-resource-name>
> - <url-pattern>/*</url-pattern>
> - </web-resource-collection>
> - <auth-constraint>
> - <role-name>tomee-admin</role-name>
> - </auth-constraint>
> - </security-constraint>
> + <!-- basic security to replace context.xml and allow remote accesses -->
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin Installer</web-resource-name>
> + <url-pattern>/installer</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin Webservices</web-resource-name>
> + <url-pattern>/ws/*</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin Jndi</web-resource-name>
> + <url-pattern>/jndi/*</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin Log</web-resource-name>
> + <url-pattern>/log/*</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin Logout</web-resource-name>
> + <url-pattern>/logout/*</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin upload</web-resource-name>
> + <url-pattern>/upload/*</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin System</web-resource-name>
> + <url-pattern>/system/*</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin Deploy</web-resource-name>
> + <url-pattern>/deploy/*</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin Error</web-resource-name>
> + <url-pattern>/error/*</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin Console</web-resource-name>
> + <url-pattern>/console/*</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin Data</web-resource-name>
> + <url-pattern>/data/*</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin Interface</web-resource-name>
> + <url-pattern>*.jsp</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin Style</web-resource-name>
> + <url-pattern>/css/*</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin Images</web-resource-name>
> + <url-pattern>/images/*</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + <!-- if you use it, /ejb/* will be secured too which is nto what we
> want today
> + <security-constraint>
> + <web-resource-collection>
> + <web-resource-name>Admin</web-resource-name>
> + <url-pattern>/*</url-pattern>
> + </web-resource-collection>
> + <auth-constraint>
> + <role-name>tomee-admin</role-name>
> + </auth-constraint>
> + </security-constraint>
> + -->
>
> - <login-config>
> - <auth-method>BASIC</auth-method>
> - <realm-name>TomEE Webapp</realm-name>
> - </login-config>
> - <security-role>
> - <role-name>tomee-admin</role-name>
> - </security-role>
> + <login-config>
> + <auth-method>BASIC</auth-method>
> + <realm-name>TomEE Webapp</realm-name>
> + </login-config>
> + <security-role>
> + <role-name>tomee-admin</role-name>
> + </security-role>
> </web-app>
>
>
>
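Review bot: `<url-pattern>/installer</url-pattern>` in the "Admin Installer" constraint is an exact match, so only the URI /installer itself requires tomee-admin; /installer/ or anything beneath it falls outside every constraint in this file and, with the former /* rule now commented out at the end of the hunk, is reachable without authentication. The same holds for any path the list does not enumerate (the root /, a /js/ directory, or any servlet added later), because the commit turns deny-by-default into a hand-maintained allow-list. If the installer is more than one resource, add a sibling `<url-pattern>/installer/*</url-pattern>` to the same web-resource-collection; paths that are meant to be public are clearer as a constraint of their own without an <auth-constraint> than as omissions. The commented-out /* block should either carry a comment saying why it is retained or be deleted, so nobody reads it as active configuration.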