Hello,
The following url-pattern in a security-constraint in my WEB.XML causes the
page WCPAdmin.jsp (which resides in a subdirectory below the context root)
to be protceted under Orion and JRun, whereas Tomcat lets me access it
without any constraints:
<url-pattern>*/WCFAdmin.jsp</url-pattern>
If I change the pattern to:
<url-pattern>/jsp/admin/*</url-pattern>
all servers behave equal, protecting all pages in the given subdirectory.
Now, I wonder why Tomcat ignored the first specification. I suppose this is
a bug, but on whose side (JRun & Orion, Tomcat or mine)
regards,
Christian
