Hi,
Does anyone on the list know where the <url-pattern> element is verified
in the tomcat 4.0.x source? For example I have the following web.xml
snippet:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Web Application</web-resource-name>
<url-pattern>/servlet/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user_role</role-name>
</auth-constraint>
</security-constraint>
The above protects the url <app_context>/servlet/* works but but I would
like to change it so that it will also work for
<app_context>/servlet/protected* which doesn't seem to work. Anyone got
ideas? Is there anything security problem in allowing this?
Thanks in advance.
Regards,
Dan
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
