Hi,

I am having trouble determining how Tomcat 4.0.1 implements security-constraint
matching semantics.
I have a simple application for testing what I expect the matching behavior
to be - I have attached the .war file for your enjoyment.

My expectation is that an implementation of "best match" would result in a
precedence as follows:

1. Exact matches
2. Prefix matches, longest (most precise) first - prefix constraints should
be sorted by length
3. Extension matches
4. Default matches

What I am observing appears to be closer to "first match" behavior.

I'm just hoping to get some insight into what the behavior is supposed to
be.

Thanks in advance,

--Larry

My web.xml is:

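<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
                         "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
  Test descriptor for probing how a container picks among overlapping
  security-constraint url-patterns (exact, path-prefix and extension).

  Reading notes:
  * Most constraints reuse the label "exact-get-manager" even where the
    pattern is a prefix or extension pattern. web-resource-name is only a
    label; the url-pattern and http-method values decide what is covered.
  * The overlapping patterns name different roles (manager vs developer), so
    the role enforced for a given URL depends on the container's matching
    rule. Declaration order should not be relied on for authorization;
    confirm the effective rule with one request per role against the
    container version actually deployed.
  * Each constraint lists specific http-method values. Methods that are not
    listed are not covered by that constraint; omitting http-method makes a
    constraint apply to all methods.
  * login-config uses BASIC, and several constraints declare a
    transport-guarantee of NONE, so credentials for those URLs travel
    base64-encoded and unencrypted. That is acceptable only for a local test.
-->
<web-app>
    <servlet>
        <servlet-name>Constraints</servlet-name>
        <servlet-class>test.ConstraintMatchingServlet</servlet-class>
    </servlet>

    <!-- The same servlet is mapped at a short and a longer exact path. -->
    <servlet-mapping>
        <servlet-name>Constraints</servlet-name>
        <url-pattern>/acme/widget/x</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>Constraints</servlet-name>
        <url-pattern>/acme/widget/longerprefix/x</url-pattern>
    </servlet-mapping>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

    <!-- Extension pattern: GET on any *.jsp, role manager. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>exact-get-manager</web-resource-name>
            <url-pattern>*.jsp</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- Shorter path prefix: GET under /acme/widget/, role manager. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>exact-get-manager</web-resource-name>
            <url-pattern>/acme/widget/*</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!--
      Longer path prefix: GET under /acme/widget/longerprefix/, role developer.
      This overlaps the shorter prefix above, which names manager. Under a
      first-match rule the earlier constraint would be the one applied.
    -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>exact-get-manager</web-resource-name>
            <url-pattern>/acme/widget/longerprefix/*</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>developer</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!--
      Exact path inside the longer prefix: GET, role manager. It also matches
      the *.jsp extension pattern and both prefix patterns above.
    -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>exact-get-manager</web-resource-name>
            <url-pattern>/acme/widget/longerprefix/FormPostForManager.jsp</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!--
      Path prefix /acme/widget/ssl/: GET and POST, role manager, INTEGRAL
      transport. NOTE(review): containers commonly satisfy INTEGRAL by
      requiring SSL; confirm for the target container.
    -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>exact-get-manager</web-resource-name>
            <url-pattern>/acme/widget/ssl/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>INTEGRAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!--
      Exact path, POST only, role manager, INTEGRAL transport. GET on the same
      path is matched by the longer prefix constraint (role developer, NONE).
    -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>exact-post-manager</web-resource-name>
            <url-pattern>/acme/widget/longerprefix/x</url-pattern>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>INTEGRAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!--
      Same pattern and methods as the earlier /acme/widget/ssl/ constraint, but
      with no user-data-constraint. The label mentions developer while only
      manager is listed. NOTE(review): whether the INTEGRAL guarantee survives
      when both constraints match depends on how the container resolves the
      overlap; verify before relying on it.
    -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>prefix-get-post-manager-developer</web-resource-name>
            <url-pattern>/acme/widget/ssl/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Constraint Matching Application</realm-name>
    </login-config>

    <!--
      Roles referenced by the auth-constraint elements above, declared so each
      role-name corresponds to a security-role of this web application.
    -->
    <security-role>
        <role-name>manager</role-name>
    </security-role>
    <security-role>
        <role-name>developer</role-name>
    </security-role>
</web-app>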

--------------------------------------------
Larry McCay Senior Architect 
HP Bluestone
6000 Irwin Road
Mount Laurel, NJ 08054 USA
TEL +1 856.638.6035
FAX +1 856.638.6190
EMAIL [EMAIL PROTECTED]
 
 

Attachment: constraintmatching.war
Description: Binary data
