Not sure if it works, try it ;). A good test is to run the Arquillian TomEE remote tests.
Romain

On 10 June 2012 20:36, "Thiago Veronezi" <[email protected]> wrote:
> Thank you Romain! I didn't notice that.
> What about using /* and then excluding the /ejb/*?
>
> Something like...
>
> <!-- Everything is secured... -->
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Application</web-resource-name>
>     <url-pattern>/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>tomee-admin</role-name>
>   </auth-constraint>
> </security-constraint>
>
> <!-- ...but this is public. -->
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Server EJB</web-resource-name>
>     <url-pattern>/ejb/*</url-pattern>
>   </web-resource-collection>
> </security-constraint>
>
> []s,
> Thiago.
>
> On Sun, Jun 10, 2012 at 1:14 PM, <[email protected]> wrote:
>
> > Author: rmannibucau
> > Date: Sun Jun 10 17:14:20 2012
> > New Revision: 1348626
> >
> > URL: http://svn.apache.org/viewvc?rev=1348626&view=rev
> > Log:
> > security in web.xml should be done by url and not globally using /* since
> > /ejb/* shouldn't be secured by default
> >
> > Modified:
> >     openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
> >
> > Modified: openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
> > URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml?rev=1348626&r1=1348625&r2=1348626&view=diff
> > ==============================================================================
> > --- > > openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml > > (original) > > +++ > > openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml > > Sun Jun 10 17:14:20 2012
> > @@ -190,22 +190,150 @@ > > > > <!-- > > > ************************************************************************************** > > --> > > > > - <!-- basic security to replace context.xml and allow remote accesses > > --> > > - <security-constraint> > > - <web-resource-collection> > > - <web-resource-name>Admin Installer</web-resource-name> > > - <url-pattern>/*</url-pattern> > > - </web-resource-collection> > > - <auth-constraint> > > - <role-name>tomee-admin</role-name> > > - </auth-constraint> > > - </security-constraint> > > + <!-- basic security to replace context.xml and allow remote accesses > --> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin Installer</web-resource-name> > > + <url-pattern>/installer</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin Webservices</web-resource-name> > > + <url-pattern>/ws/*</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin Jndi</web-resource-name> > > + <url-pattern>/jndi/*</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin Log</web-resource-name> > > + <url-pattern>/log/*</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin Logout</web-resource-name> > > + 
<url-pattern>/logout/*</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin upload</web-resource-name> > > + <url-pattern>/upload/*</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin System</web-resource-name> > > + <url-pattern>/system/*</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin Deploy</web-resource-name> > > + <url-pattern>/deploy/*</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin Error</web-resource-name> > > + <url-pattern>/error/*</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin Console</web-resource-name> > > + <url-pattern>/console/*</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin Data</web-resource-name> > > + <url-pattern>/data/*</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + 
<role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin Interface</web-resource-name> > > + <url-pattern>*.jsp</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin Style</web-resource-name> > > + <url-pattern>/css/*</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin Images</web-resource-name> > > + <url-pattern>/images/*</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + <!-- if you use it, /ejb/* will be secured too which is nto what we > > want today > > + <security-constraint> > > + <web-resource-collection> > > + <web-resource-name>Admin</web-resource-name> > > + <url-pattern>/*</url-pattern> > > + </web-resource-collection> > > + <auth-constraint> > > + <role-name>tomee-admin</role-name> > > + </auth-constraint> > > + </security-constraint> > > + --> > > > > - <login-config> > > - <auth-method>BASIC</auth-method> > > - <realm-name>TomEE Webapp</realm-name> > > - </login-config> > > - <security-role> > > - <role-name>tomee-admin</role-name> > > - </security-role> > > + <login-config> > > + <auth-method>BASIC</auth-method> > > + <realm-name>TomEE Webapp</realm-name> > > + </login-config> > > + <security-role> > > + <role-name>tomee-admin</role-name> > > + </security-role> > > </web-app> > > > > > > >
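
Review bot: replacing the single `/*` constraint with an enumerated list leaves every path that is not listed reachable without the tomee-admin role, not only `/ejb/*`, and any servlet mapped later stays public until someone adds a constraint for it. `<url-pattern>/installer</url-pattern>` is also an exact-match pattern, unlike the `/x/*` entries that follow it, so anything below `/installer/` is not covered. Suggest keeping the `/*` constraint and adding a second `security-constraint` for `/ejb/*` with no `auth-constraint`, which the container selects as the more specific match and treats as open, then confirming with the remote tests. Minor: "nto" in the new XML comment should be "not".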
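
How the two layouts discussed in this thread resolve under the Servlet specification's best-match rule for url-patterns, as an added example (not code from TomEE or from either author). The request paths are constructed, a constraint without an `auth-constraint` is modelled as role `None`, and http-method and transport settings are not modelled.

```python
ADMIN = "tomee-admin"

# url-patterns from the committed web.xml; each requires the admin role.
ENUMERATED = [(p, ADMIN) for p in (
    "/installer", "/ws/*", "/jndi/*", "/log/*", "/logout/*", "/upload/*",
    "/system/*", "/deploy/*", "/error/*", "/console/*", "/data/*",
    "*.jsp", "/css/*", "/images/*")]

# Proposal from the reply: /* secured, /ejb/* with no auth-constraint (None).
CATCH_ALL = [("/*", ADMIN), ("/ejb/*", None)]

# Constructed request paths (assumptions, not taken from the TomEE webapp).
SAMPLE_PATHS = ["/ejb", "/ejb/invoke", "/installer", "/installer/step2",
                "/console/run", "/index.jsp", "/new-servlet"]


def best_match(path, constraints):
    """Return the (pattern, role) picked by servlet URL matching, or None."""
    for pattern, role in constraints:            # 1. exact match
        if pattern == path:
            return pattern, role
    prefixes = [(p, r) for p, r in constraints   # 2. longest path prefix
                if p.endswith("/*")
                and (path == p[:-2] or path.startswith(p[:-1]))]
    if prefixes:
        return max(prefixes, key=lambda c: len(c[0]))
    last = path.rsplit("/", 1)[-1]
    for pattern, role in constraints:            # 3. extension ("*.jsp")
        if pattern.startswith("*.") and last.endswith(pattern[1:]):
            return pattern, role
    for pattern, role in constraints:            # 4. default servlet "/"
        if pattern == "/":
            return pattern, role
    return None


def required_role(path, constraints):
    """Role a caller needs for path; None means no authentication."""
    match = best_match(path, constraints)
    return match[1] if match else None


def unauthenticated(paths, constraints):
    """Paths from the list that are reachable without logging in."""
    return [p for p in paths if required_role(p, constraints) is None]


if __name__ == "__main__":
    for name, cfg in (("enumerated", ENUMERATED), ("catch-all", CATCH_ALL)):
        print(name, unauthenticated(SAMPLE_PATHS, cfg))
```

Running the same audit against the real servlet mappings of a deployment shows which endpoints each layout leaves open before the change ships.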
