I was wondering how I can protect certain servlet subdirectories. For
example, lets say that in WEB-INF/classes I have two subdirectories: app1
and app2. How do I use the security-constraint to protect (force the user to
login) app1 but not have them login to classes in app2? I have tried this in
my web.xml file, but the login page doesn't appear and I go directly to the
page:
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/servlet/app1.*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>usr</role-name>
</auth-constraint>
</security-constraint>
Is this possible? If so, how can this be achieved?
Kevin
Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
