-----Original Message-----
From: Ruth, Brice
The security constraint is based on the actual URL
requested, not the resource that is being accessed. So, if
you're accessing:
http://my.host.com/ - and its actually loading
http://my.host.com/repository/index.jsp, then your
security-constraint won't be triggered if you don't have /*
indicated. With a constraint of /repository/index.jsp, try
accessing that path directly from your browser - the
constraint *should* be triggered then.
in my web.xml I have
<servlet-mapping>
<servlet-name>repository</servlet-name>
<url-pattern>/repository</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>getit</servlet-name>
<url-pattern>/getit</url-pattern>
</servlet-mapping>
I.e. its a one to one, so if I understand you correctly,
when I browse to http://localhost/repository/index.jsp
my uril-pattern should be
<security-constraint>
<web-resource-collection>
<web-resource-name>Read-WriteArea</web-resource-name>
<url-pattern>/repository/*</url-pattern>
I have other (html files) in
/webapps
/repository
/upload
index.html
/search
index.html
question.
I'm assuming these are 'part of' the repository app? Is that right?
What should the uri-pattern be for these?
Again the browse path will be
http://localhost/repository/upload/index.html
I want to have different security requirements for upload and search.
If I have the security constraint on repository defined with url-pattern
of /*, I'm thinking that will cover all the descendents of the repository
directory? Is that wrong?
regards daveP
** snip here **
--
DISCLAIMER:
NOTICE: The information contained in this email and any attachments is
confidential and may be privileged. If you are not the intended
recipient you should not use, disclose, distribute or copy any of the
content of it or of any attachment; you are requested to notify the
sender immediately of your receipt of the email and then to delete it
and any attachments from your system.
RNIB endeavours to ensure that emails and any attachments generated by
its staff are free from viruses or other contaminants. However, it
cannot accept any responsibility for any such which are transmitted.
We therefore recommend you scan all attachments.
Please note that the statements and views expressed in this email and
any attachments are those of the author and do not necessarily represent
those of RNIB.
RNIB Registered Charity Number: 226227
Website: http://www.rnib.org.uk
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
