Hello, I'm trying to figure out how to disable container-managed security in web app on Tomcat 4.1.12, but I'm having a hell of a time doing it.
I've tried setting security-contraints/role-name tag to * for all resources (as in the XML snippet I enclose below), but that doesn't seem to have any effect. Yet I have read that wildcards are supposed to be acceptable in the latest Servlet API. One wrinkle is that I'm doing this in order to override for my own purposes the "roles" parameter of the Struts configuration file. But Struts normally passes these roles to the app server's sercurity machinery, which I why I'm trying to shut it off. At first I thought this was a Struts question, but now I think maybe I'm just wrestling with web.xml or server.xml, and maybe it's really more to do with tomcat. Any help would be greatly appreciated! Thanks, Alexis Gallagher --- begin XML snippet --- <security-constraint> <web-resource-collection> <web-resource-name>All Resources</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> </security-constraint> --- end XML snippet --- __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
