> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, September 12, 2001 2:56 PM > To: [EMAIL PROTECTED] > Subject: Doesn't Tomcat support wildcards like *.jsp or *.html at > <web-res ource-collection>?? > > > Hi, > I've tried to use wildcards for a webresource collection like *.jsp > to denie "guests" to access these pages but it doesn't work > with tomcat > 3.2.3 > Isn't that defined within the servlet specification? > > Sample: > <security-constraint> > <web-resource-collection> > <web-resource-name>/jsp/*.jsp</web-resource-name> > <url-pattern>/jsp/*.jsp</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > </auth-constraint> > </security-constraint> > The spec does not allow * to be in the middle of a string - it must be at one end or the other. > Can I add a further web-resource-collection in a subdirectory > of /jsp and > give access to everyone? Like /jsp/images/* --> role-name > = everyone > What is the "everyone" role that requires no password with > tomcat 3.2.3? On this I don't know. >
