File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Tomcat and the fly likes Tomcat with multiple auth-constraints Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat with multiple auth-constraints" Watch "Tomcat with multiple auth-constraints" New topic
Author

Tomcat with multiple auth-constraints

Doug Braidwood
Ranch Hand

Joined: Apr 04, 2010
Posts: 42
Hi, I'm having trouble understanding how multiple <auth-constraint> elements combine.

The servlet spec says "The special case of an authorization constraint that names no roles shall combine with any other constraints to override their affects and cause access to be precluded."

I set up a really simple test web.xml


What I would have expected is that the empty <auth-constraint> on Test1 meant that no-one could see anything. In practice, if I authenticate as a member I can see index.html fine.

Am I missing something?


SCJP, SCWCD
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Tomcat with multiple auth-constraints
 
Similar Threads
he doesn't ask for authenticate
web.xml security constraint won't work with roles
Help in Adding two security constraint in web.xml
security-constraint login error
Keep having to login with container based authentaction.