Is it possible to assign roles to unauthenticated users in Tomcat5?
I have a web application with these security constraints:
<security-constraint>
<web-resource-collection>
<web-resource-name>Private Resources</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>authenticated</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Public Resources</web-resource-name>
<url-pattern>/index.jsp</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>anonymous</role-name>
</auth-constraint>
</security-constraint>
I wish to give everyone - authenticated or not - access to the resources
in the "Public Resources" collection, but to limit access to everything
else.
I used the same scheme for an application running on WebSphere, and there
it simply required assigning the "anonymous" role to "everyone". So far I
haven't been able to figure out how to do the same on Tomcat5. Does Tomcat
really only allow assigning roles to authenticated users, or have I missed
something?
Best regards
Claus Nielsen
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.651 / Virus Database: 417 - Release Date: 05-04-2004
###########################################
This message has been scanned by F-Secure Anti-Virus for Microsoft
Exchange.
For more information, connect to http://www.F-Secure.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
