[EMAIL PROTECTED] wrote:
in my web.xml I have
<servlet-mapping> <servlet-name>repository</servlet-name> <url-pattern>/repository</url-pattern> </servlet-mapping>
<servlet-mapping> <servlet-name>getit</servlet-name> <url-pattern>/getit</url-pattern> </servlet-mapping>
I.e. its a one to one, so if I understand you correctly,
when I browse to http://localhost/repository/index.jsp my uril-pattern should be
<security-constraint> <web-resource-collection> <web-resource-name>Read-WriteArea</web-resource-name> <url-pattern>/repository/*</url-pattern>
I have other (html files) in /webapps /repository /upload index.html /search index.html
question.
I'm assuming these are 'part of' the repository app? Is that right?
What should the uri-pattern be for these?
Again the browse path will be
http://localhost/repository/upload/index.html I want to have different security requirements for upload and search.
If I have the security constraint on repository defined with url-pattern
of /*, I'm thinking that will cover all the descendents of the repository
directory? Is that wrong?
regards daveP
Dave,
That's a correct assumption. You should be able to do what you're wanting to do, the main thing to understand is that if you need to set a granular constraint, say for /repository/search/index.html, then you need to access that page as such. On the other hand, if you want to take advantage of index files, then a security constraint in the form of /repository/search/ should work (no wildcard "*" at the end). Its really just a pattern/glob match that takes place to determine if a security constraint should be invoked or not. This last pattern should only be invoked for /repository/search/, not for anything else. Same goes if you have one tied to /repository/. I would advise that you add an additional URL-pattern for the actual index file as well, otherwise, if that file is accessed directly, then the security constraint will not be invoked.
Hope this helps! -Brice
-- Brice Ruth, Sr. IT Analyst Fiskars Brands Inc http://www.fiskarsbrands.com/
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
