Hi
I am developing an application where some servlets include information from
other servlets. I am mapping from URL to servlet names using the
servlet-mapping element of the deployment descriptor (web.xml):
<servlet>
<servlet-name>smart</servlet-name>
<servlet-class>pvpn.smarthome</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>smart</servlet-name>
<url-pattern>/tele/*.prs</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>DirectServletAccess</web-resource-name>
<url-pattern>/servlet/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>jerk</role-name>
</auth-constraint>
</security-constraint>
Now when I request the /tele/home.prs url with a user without jerk-role,
which should map to servlet pvpn.smarthome, I receive HTTP status 403 -
forbidden.
Is it possible to limit access to servlets directly to only jerk-role, but
allow access to certain url-patterns to anyone? How-todo?
Thanks for any assistance.
:-) Palle
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
