i am combininig multiple security-constraint and wildcard pattern. The
result is a bit confusing.
only and single security-constraint def:
===
security-constraint
web-resource-collection
web-resource-nameHTMLManger and Manager command/web-resource-name
url-pattern/*/url-pattern
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Manuel,
On 4/12/2010 4:38 PM, aldana wrote:
This is counterintuitive, I would still expect 'admin' to access all
ressources, because it has /* wildcard.
After debugging tomcat confirms, adding constraints is side-effecting
exististing