[Sorry if this appears twice, my maill UI hiccuped.]
I thought I understood how contained-managed auth worked, but
obviously I'm missing something.
Hers' what I have right now
<security-constraint>
<web-resource-collection>
<web-resource-name>JDBCRealmTest</web-resource-name>
<description>accessible by authenticated users of the
adoption-admin role</description>
<url-pattern>/Adoption/application/list</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>These roles are allowed access</description>
<role-name>adoption-admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>MyFirst Protected Area</realm-name>
</login-config>
<security-role>
<description>Only ‘adoption-admin’ role is allowed to access this
web application</description>
<role-name>adoption-admin</role-name>
</security-role>
I thought this would require auth for the url
/Adoption/application/list, but there is no challenge when I test. I
have fooled with the url-pattern but the only pattern I can get to
work is '/Adoption/*'. I have tried '/Adoption',
'/Adoption/application/list/*', but none of them cause a challenge.
What am I missing?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
