wood burning stoves*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes url-pattern in web-resource-collection Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "url-pattern in web-resource-collection" Watch "url-pattern in web-resource-collection" New topic
Author

url-pattern in web-resource-collection

Musab Al-Rawi
Ranch Hand

Joined: Aug 06, 2007
Posts: 231
Hi all,

in the Specs of Servlets: <url-pattern>*, which means that it is optional (0 to many).
what happens if you omit the <url-pattern> inside <web-resource-collection>?
[ April 29, 2008: Message edited by: Musab Al-Rawi ]

SCBCD - SCWCD - SCJD - SCJP - OCA
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

url-pattern for web-resource-collection is required. See page 133 of the Servlet 1.4 spec. If it were optional it would specify minOccurs="0" for the url-pattern element.


A good workman is known by his tools.
Kumar Garlapati
Ranch Hand

Joined: Feb 04, 2008
Posts: 38
if <url-pattern> is missed in <web-resource-collection> then the server ignores <web-resource-collection> element, because there is no meaning to <web-resource-collection> element if we dont use <url-pattern> in it.

Generally it will be <url-pattern>*</url-pattern>, so that anyone can access any URL, that means all users can access the all parts of the application.

in the blow case:
<url-pattern>/security/xyz.jsp</url-pattern>, if you specify perticular user, then he alone can access this url.
[ April 29, 2008: Message edited by: Kumar Garlapati ]

Regards,<br />Kumar
Musab Al-Rawi
Ranch Hand

Joined: Aug 06, 2007
Posts: 231
Thanks.

Kumar:
Generally it will be <url-pattern>*</url-pattern>, so that anyone can access any URL, that means all users can access the all parts of the application.


I think you meant to say that all resources are restricted (for the specified methods and roles) unless a user (that belongs to the specified role(s)) is loggedin. Am I correct?
PrachiS Shah
Greenhorn

Joined: Sep 02, 2010
Posts: 10
Yeah I think you are right...All the resources get restricted.....And if you want specific resources to be restricted and rest everything to be accessed then you should be writing /jsp/* ..just an example...which will restrict all the jsp pages..but the images, css and all such other resources will still be accessible....
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: url-pattern in web-resource-collection
 
Similar Threads
Web.xml - ByPass security
Deny Remote Access but Allow Include?
doubt upon "auth-constraint".
localhost:8080 --> mydomain.com
Required elements in web-resource-collection