DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10595>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10595 Security Constraints not processed according to spec. [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- Additional Comments From [EMAIL PROTECTED] 2002-12-09 09:24 ------- I have reed the specs 2.4 about this and compared it with the specs for 2.3. There are no real differences about this topic. But I found the problem in ignoring the Use of URL Paths. Therfore I have to reopen this BUG: "The Spec state in SRV 11.1 Use of URL Paths ... 2. The container will recursively try to match the longest path-prefix: This is done by stepping down the path tree a directory at a time, using the ’/’ character as a path separator. The longest match determines the servlet selected. ..." TOMCAT 4 is NOT doing this to resolve the URL of a security constraint. If TOMCAT 4 would do, than the order of the security constraints wouldn't make any difference (in my example). But as I said in my comment, TOMCAT is using the first match from the descriptor, even if there are more with LONGER path-prefix. If this would be fixed, then it will work the way one expects it (according to the specs). I was willed to send comments to the jsr expert group. But the problem is not the specs. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>