Hi,
I'm looking for a way to declare security on my webapp. The webapp is very
small. It consists of a few JSPs and a servlet controller. I tried to forbid
access to every resource in the app with a <security-constraint> element via
<url-pattern>/*</url-pattern> and no <auth-constraint>. I granted access to a
start JSP via a <security-constraint> with <auth-constraint>. Unfortanetely
this doesn't work.
<security-constraint>
<web-resource-collection>
<web-resource-name>start</web-resource-name>
<url-pattern>/jsp/index.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Everything else</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
</security-constraint>
Is something wrong here or am I misunderstanding something completely?
- Martin.
--
NEU F�R ALLE - GMX MediaCenter - f�r Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gru�, GMX FotoService
Jetzt kostenlos anmelden unter http://www.gmx.net
+++ GMX - die erste Adresse f�r Mail, Message, More! +++
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
