in the Specs of Servlets: <url-pattern>*, which means that it is optional (0 to many). what happens if you omit the <url-pattern> inside <web-resource-collection>? [ April 29, 2008: Message edited by: Musab Al-Rawi ]
url-pattern for web-resource-collection is required. See page 133 of the Servlet 1.4 spec. If it were optional it would specify minOccurs="0" for the url-pattern element.
if <url-pattern> is missed in <web-resource-collection> then the server ignores <web-resource-collection> element, because there is no meaning to <web-resource-collection> element if we dont use <url-pattern> in it.
Generally it will be <url-pattern>*</url-pattern>, so that anyone can access any URL, that means all users can access the all parts of the application.
in the blow case: <url-pattern>/security/xyz.jsp</url-pattern>, if you specify perticular user, then he alone can access this url. [ April 29, 2008: Message edited by: Kumar Garlapati ]
Generally it will be <url-pattern>*</url-pattern>, so that anyone can access any URL, that means all users can access the all parts of the application.
I think you meant to say that all resources are restricted (for the specified methods and roles) unless a user (that belongs to the specified role(s)) is loggedin. Am I correct?
Yeah I think you are right...All the resources get restricted.....And if you want specific resources to be restricted and rest everything to be accessed then you should be writing /jsp/* ..just an example...which will restrict all the jsp pages..but the images, css and all such other resources will still be accessible....
Don't get me started about those stupid light bulbs.