I tested it locally and it seems to work. Just committed the code. Let's see if the build complains again. :O)

[]s,
Thiago.

On Sun, Jun 10, 2012 at 2:38 PM, Romain Manni-Bucau <[email protected]> wrote:

> Not sure if it works, try it ;). A good test is to run arquillian tomee
> remote tests.
>
> Romain
> On 10 June 2012 20:36, "Thiago Veronezi" <[email protected]> wrote:
>
> > Thank you Romain! I didn't notice that.
> > What about using /* and then excluding the /ejb/*
> >
> > Something like...
> >
> > <!-- Everything is secured... -->
> > <security-constraint>
> >   <web-resource-collection>
> >     <web-resource-name>Application</web-resource-name>
> >     <url-pattern>/*</url-pattern>
> >   </web-resource-collection>
> >   <auth-constraint>
> >     <role-name>tomee-admin</role-name>
> >   </auth-constraint>
> > </security-constraint>
> >
> > <!-- ...but this is public. -->
> > <security-constraint>
> >   <web-resource-collection>
> >     <web-resource-name>Server EJB</web-resource-name>
> >     <url-pattern>/ejb/*</url-pattern>
> >   </web-resource-collection>
> > </security-constraint>
> >
> > []s,
> > Thiago.
> >
> > On Sun, Jun 10, 2012 at 1:14 PM, <[email protected]> wrote:
> >
> > > Author: rmannibucau
> > > Date: Sun Jun 10 17:14:20 2012
> > > New Revision: 1348626
> > >
> > > URL: http://svn.apache.org/viewvc?rev=1348626&view=rev
> > > Log:
> > > security in web.xml should be done by url and not globally using /* since
> > > /ejb/* shouldn't be secured by default
> > >
> > > Modified:
> > >     openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
> > >
> > > Modified: openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
> > > URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml?rev=1348626&r1=1348625&r2=1348626&view=diff
> > > ============================================================================== > > > --- > > > > openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml > > > (original) > > > +++ > > > > 
openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml > > > Sun Jun 10 17:14:20 2012 
> > > @@ -190,22 +190,150 @@ > > > > > > <!-- > > > > > > ************************************************************************************** > > > --> > > > > > > - <!-- basic security to replace context.xml and allow remote > accesses > > > --> > > > - <security-constraint> > > > - <web-resource-collection> > > > - <web-resource-name>Admin Installer</web-resource-name> > > > - <url-pattern>/*</url-pattern> > > > - </web-resource-collection> > > > - <auth-constraint> > > > - <role-name>tomee-admin</role-name> > > > - </auth-constraint> > > > - </security-constraint> > > > + <!-- basic security to replace context.xml and allow remote accesses > > --> > > > + <security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin Installer</web-resource-name> > > > + <url-pattern>/installer</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + <security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin Webservices</web-resource-name> > > > + <url-pattern>/ws/*</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + <security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin Jndi</web-resource-name> > > > + <url-pattern>/jndi/*</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + <security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin Log</web-resource-name> > > > + <url-pattern>/log/*</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + 
<security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin Logout</web-resource-name> > > > + <url-pattern>/logout/*</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + <security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin upload</web-resource-name> > > > + <url-pattern>/upload/*</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + <security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin System</web-resource-name> > > > + <url-pattern>/system/*</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + <security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin Deploy</web-resource-name> > > > + <url-pattern>/deploy/*</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + <security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin Error</web-resource-name> > > > + <url-pattern>/error/*</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + <security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin Console</web-resource-name> > > > + <url-pattern>/console/*</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + 
<security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin Data</web-resource-name> > > > + <url-pattern>/data/*</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + <security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin Interface</web-resource-name> > > > + <url-pattern>*.jsp</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + <security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin Style</web-resource-name> > > > + <url-pattern>/css/*</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + <security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin Images</web-resource-name> > > > + <url-pattern>/images/*</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + <!-- if you use it, /ejb/* will be secured too which is nto what we > > > want today > > > + <security-constraint> > > > + <web-resource-collection> > > > + <web-resource-name>Admin</web-resource-name> > > > + <url-pattern>/*</url-pattern> > > > + </web-resource-collection> > > > + <auth-constraint> > > > + <role-name>tomee-admin</role-name> > > > + </auth-constraint> > > > + </security-constraint> > > > + --> > > > > > > - <login-config> > > > - <auth-method>BASIC</auth-method> > > > - <realm-name>TomEE Webapp</realm-name> > > > - </login-config> > > > - <security-role> > > > - <role-name>tomee-admin</role-name> > > > - </security-role> > > > + <login-config> > > > + 
<auth-method>BASIC</auth-method> > > > + <realm-name>TomEE Webapp</realm-name> > > > + </login-config> > > > + <security-role> > > > + <role-name>tomee-admin</role-name> > > > + </security-role> > > > </web-app> > > > > > > > > > > > >
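
Review bot: The added per-path `<security-constraint>` list fails open: only the fourteen enumerated patterns (`/installer`, `/ws/*`, `/jndi/*`, ... `*.jsp`, `/css/*`, `/images/*`) require `tomee-admin`, so every other URL of the webapp, including any servlet mapped later, is reachable without authentication, whereas the removed `/*` constraint covered them all. Consider restoring the `/*` constraint (now left commented out at the end of the hunk) and adding a second constraint for `/ejb/*` with no `<auth-constraint>`, as proposed earlier in the thread; the container applies the best-matching url-pattern, so `/ejb/*` stays public while everything else is protected by default. If the list is kept, note that `<url-pattern>/installer</url-pattern>` is an exact match and does not cover `/installer/` or anything beneath it, and the new comment has a typo ("nto").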
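
Added example, not part of the original thread or the TomEE code base: a small Python check that models Servlet url-pattern selection (exact, then longest path prefix, then extension) to compare which paths stay public under the per-path list from the commit and under the `/*` plus `/ejb/*` variant proposed in the thread. The sample documents are constructed, omit the XML namespace and `http-method` handling, and `/newadmin/status` is a hypothetical unlisted path.

```python
import xml.etree.ElementTree as ET

def constraint(pattern, role=None):
    """Build one <security-constraint> element (constructed sample input)."""
    auth = f"<auth-constraint><role-name>{role}</role-name></auth-constraint>" if role else ""
    return ("<security-constraint><web-resource-collection>"
            f"<url-pattern>{pattern}</url-pattern></web-resource-collection>{auth}"
            "</security-constraint>")

# Subset of the per-path list from the commit, and the variant from the thread.
PER_PATH = "<web-app>" + "".join(
    constraint(p, "tomee-admin") for p in ["/installer", "/ws/*", "/deploy/*", "*.jsp"]
) + "</web-app>"
CATCH_ALL = "<web-app>" + constraint("/*", "tomee-admin") + constraint("/ejb/*") + "</web-app>"

def load(web_xml):
    """Map url-pattern -> one entry per constraint: role set, or None if no auth-constraint."""
    table = {}
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        auth = sc.find("auth-constraint")
        roles = None if auth is None else {r.text.strip() for r in auth.iter("role-name")}
        for pat in sc.iter("url-pattern"):
            table.setdefault(pat.text.strip(), []).append(roles)
    return table

def best_match(patterns, path):
    """Servlet-style selection: exact, longest path prefix, extension, then default."""
    if path in patterns:
        return path
    prefixes = [p for p in patterns if p.endswith("/*")
                and (path == p[:-2] or path.startswith(p[:-1]))]
    if prefixes:
        return max(prefixes, key=len)
    name = path.rsplit("/", 1)[-1]
    ext = "*." + name.rsplit(".", 1)[-1] if "." in name else None
    if ext in patterns:
        return ext
    return "/" if "/" in patterns else None

def required_roles(web_xml, path):
    """Return None when the path needs no authentication, else the set of allowed roles."""
    table = load(web_xml)
    pattern = best_match(table, path)
    if pattern is None or any(r is None for r in table[pattern]):
        return None
    return set().union(*table[pattern])

if __name__ == "__main__":
    for path in ["/ejb/Foo", "/installer", "/installer/", "/newadmin/status"]:
        print(path, required_roles(PER_PATH, path), required_roles(CATCH_ALL, path))
```

Both layouts leave `/ejb/*` public; they differ only on paths nobody listed, which the per-path layout serves unauthenticated and the catch-all layout protects.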
