On 02/03/2011 06:54, Michael McCutcheon wrote: > I'm using Tomcat 7.0.8. > > I have a servlet with a doGet method that has a @DenyAll annotation > applied to it. > > However, when I run the servlet, it seems to make no difference, and > doGet is still called. > > It was my understanding that @DenyAll was supposed to prevent access to > the method on which it is applied. > > Do I need to turn something on to get Tomcat to recognize the security > annotations? I can't get any of the security annotations to do anything.
You need to read the Servlet 3 specification. @DenyAll is not part of Servlet 3.0. To quote from the change log: <quote> Added a new annotation - @ServletSecurity (and associated annotation for the fields) for defining security as opposed to re-using the @RolesAllowed, @PermitAll, @DenyAll </quote> Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
