Hello,

I'm using Tomcat 5.0.25 and I'd like to use container-based security to restrict access to one specific page. The problem is that this page exists in different contexts, but using the same docbase. You can get a better idea by looking at the first snippet included below.

You can see that the application itself is installed by default at context "/wiki", and there will be additional copies at "/wiki/wikione" and so on. My goal is to restrict /wiki/Edit.jsp to one role, /wiki/wikione/Edit.jsp to another role, etc. The web.xml I'm using right now doesn't even prompt for authentication at all; the only time I can get it to authorize anything is when I only have one security constraint, for url-pattern "/Edit.jsp".

Is there an easy way to achieve this? Thanks...

Rahman

Server.xml snippet:

<Context path="/wiki/wikione" docBase="wiki" debug="0">
    <Parameter name="jspwiki.propertyfile"
               value="C:\tomcat\webapps\wiki\WEB-INF\wikione.properties"
               override="false"/>
</Context>




The application's web.xml snippet:

   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/wiki/Edit.jsp</url-pattern>
           <http-method>DELETE</http-method>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>

       <auth-constraint>
           <role-name>wikiadmin</role-name>
       </auth-constraint>
   </security-constraint>

   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/wiki/wikione/Edit.jsp</url-pattern>
           <http-method>DELETE</http-method>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>

       <auth-constraint>
           <role-name>wikioneadmin</role-name>
       </auth-constraint>
   </security-constraint>

   <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JSPWiki Editor</realm-name>
   </login-config>
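
Added example, not part of the original post: a simplified Python model of servlet url-pattern matching, where a pattern is compared against the request path with the context path removed. It uses the context paths, patterns and role names from the post (the "/wiki" context path is taken from the description, and the function names are made up for this sketch) to show why the posted constraints never produce a login prompt while a single "/Edit.jsp" constraint does.

```python
# Added example: simplified model of how a servlet container applies
# <url-pattern> values. Context paths, patterns and roles come from the post;
# function names are hypothetical.

CONTEXTS = ["/wiki", "/wiki/wikione"]   # both use docBase "wiki": one shared web.xml

POSTED = {"/wiki/Edit.jsp": "wikiadmin",
          "/wiki/wikione/Edit.jsp": "wikioneadmin"}
SINGLE = {"/Edit.jsp": "wikiadmin"}     # the one variant the post reports as working


def split_request(uri):
    """Pick the longest matching context path; return (context, path inside it)."""
    for ctx in sorted(CONTEXTS, key=len, reverse=True):
        if uri == ctx or uri.startswith(ctx + "/"):
            return ctx, uri[len(ctx):] or "/"
    return None, uri


def pattern_matches(pattern, path):
    """Exact, path-prefix ('/dir/*') and extension ('*.ext') patterns."""
    if pattern == path:
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return False


def required_role(uri, constraints):
    """Role demanded for uri, or None when no constraint applies (no prompt)."""
    ctx, path = split_request(uri)
    if ctx is None:
        return None
    # Simplification: first matching pattern wins; enough for the posted rules.
    for pattern, role in constraints.items():
        if pattern_matches(pattern, path):
            return role
    return None


if __name__ == "__main__":
    for uri in ("/wiki/Edit.jsp", "/wiki/wikione/Edit.jsp", "/wiki/wiki/Edit.jsp"):
        print(uri, "| posted:", required_role(uri, POSTED),
              "| single:", required_role(uri, SINGLE))
```

Because both contexts load the same web.xml, a pattern that does match, such as "/Edit.jsp", demands the same role in each of them. Telling the contexts apart therefore has to happen outside web.xml, for example with a separate Realm nested in each Context element so that one role name maps to different users per context.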


