Meaningless Drivel is fun!*
The moose likes Servlets and the fly likes declarative authorization not working Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "declarative authorization not working" Watch "declarative authorization not working" New topic
Author

declarative authorization not working

ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Hi,

This is my web.xml:


<web-app>

<security-constraint>

<web-resource-collection>

<web-resource-name>anything</web-resource-name>

<url-pattern>/aa/restrict.jsp</url-pattern>

<http-method>GET</http-method>
<http-method>POST</http-method>

</web-resource-collection>

<auth-constraint>

</auth-constraint>

</security-constraint>

<security-role>
<role-name>tomcat</role-name>
<role-name>role1</role-name>
<role-name>admin</role-name>
</security-role>

</web-app>


Where these three roles are present in my tomcat-users.xml. No other role is there in tomcat-users.xml.

And I have a JSP restrict.jsp on root. When I access this JSP directly I shouldn't be allowed. As no <role-name> is present in <auth-constraint> means no role is allowed. But I can access this JSP. Why so?

Thanks.
[ June 02, 2007: Message edited by: ankur rathi ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: declarative authorization not working