Hello Chris Thank you very much for your response. I thought I did it? The pattern /rest/device is in the xml that I sent.?
Michael -----Ursprüngliche Nachricht----- Von: Christopher Schultz [mailto:ch...@christopherschultz.net] Gesendet: Montag, 13. Februar 2012 19:01 An: Tomcat Users List Betreff: Re: problem with auth-constraint in xml -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael, On 2/13/12 8:30 AM, Hugi Michael, Informaticon AG wrote: > I have a problem with defining <auth-constraint> in the web.xml of my > java project. I defined sereval user roles, which have access to > sereval <url-pattern>. Here is a part of the xml, in which I define > patterns, that can be acessed by every role. > > <security-constraint> <web-resource-collection> > <web-resource-name>Webservice for everyone</web-resource-name> > <url-pattern>/push</url-pattern> > <url-pattern>/rest/version/*</url-pattern> > <url-pattern>/rest/lizenz/*</url-pattern> > <url-pattern>/rest/device</url-pattern> > <url-pattern>/rest/device/*</url-pattern> > <url-pattern>/rest/eventlog/*</url-pattern> > </web-resource-collection> <auth-constraint> <role-name>role > 1</role-name> <role-name>role 2</role-name> <role-name>role > 3</role-name> </auth-constraint> </security-constraint> > > Until here, all works fine. Now I want to be sure, not to make any > mistake, when I add a new url, so I need to refuse access by default > to any other url. This is the code, how I make it. > > <security-constraint> <web-resource-collection> > <web-resource-name>Everything forbidden</web-resource-name> > <url-pattern>/*</url-pattern> </web-resource-collection> > <auth-constraint /> </security-constraint> > > > Now I got a strange problem. I can access any url with > /rest/device/* without any problem. When I try to access /rest/device > I get the error 403 forbidden. On /rest/device/* I'm using GET and on > /rest/device I'm using POST. Did someone had any similar problem? I'm > using Tomcat 7.0 Note that the URL pattern "/rest/device/*" doesn't match "/rest/device": you are missing a required trailing slash. Try adding "/rest/device" to your list of <url-pattern>s defined in the <web-resource-collection> with the name "Webservice for everyone" and see if that improves things. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk85T9wACgkQ9CaO5/Lv0PC+2wCcCzKnS2qa3fuFbWwbvJjAozvs MCAAni0cs/lcdP5KbSyThi7ri/1SeW8Q =7GSw -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
