Hi all,
I am trying to secure the index page of a web application but
at the same time allow deeper path to be unprotected. For example:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/</url-pattern>
<url-pattern>/other/protected/*</url-pattern>
</web-resource-collection>
</security-constraint>
But Tomcat 5.0 and 5.5 behave as I have written:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
<url-pattern>/other/protected/*</url-pattern>
</web-resource-collection>
</security-constraint>
...they basically secure everything.
I checked the source code, and indeed, the "/" pattern is treated as a
special one and it is called the "universal mapper".
I could not find anything in the spec about this "universal mapper" and
also I could not find anything that explains this behaviour for "/".
Any suggestions in this regard?
Thanks,
Marius
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
