On 14/12/2023 17:28, ResSoft wrote:
Chris,
I figured out how to make this work. It works in my dev dox but not in
my prod box. Both have the same version of tomcat. Here is the web.xml entry.
I any ideas would be great.
Those constraints look correct to me and a quick test using the examples
webapp with a default Tomcat install confirms that.
I think you need to look for differences between dev and prod.
<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTP-Protected-Resource-1</web-resource-name>
<description>Description here</description>
<url-pattern >/path to directory/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
You *really* don't want to be specifying HTTP methods here.
Google for "uncovered HTTP methods"
</web-resource-collection>
<auth-constraint/>
</security-constraint>
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
