hi,
It may be quite simple but it's not working for me.
I have a set of servlets
/myapp/p/ab.do
/myapp/p/groups.do
/myapp/p/contacts.do
AND I want all of them to be accessible to roles "user" and "admin".
There is 1 more servlet that MUST be accessible ONLY to "admin"
/myapp/p/status.do
I am setting config like given below.
But still, "user" roles are being able to access status.do
What am i doing wrong?
thanks for any help
-navjot singh
__My XML Declarations__
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected</web-resource-name>
<url-pattern>*.do</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Show Status</web-resource-name>
<url-pattern>/p/status.do</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
---------------
regards
Navjot Singh
Net4India Ltd.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
