Tomcat with multiple auth-constraints

Doug Braidwood

Hi, I'm having trouble understanding how multiple <auth-constraint> elements combine.

The servlet spec says "The special case of an authorization constraint that names no roles shall combine with any other constraints to override their affects and cause access to be precluded."

I set up a really simple test web.xml


What I would have expected is that the empty <auth-constraint> on Test1 meant that no-one could see anything. In practice, if I authenticate as a member I can see index.html fine.

Am I missing something?


SCJP, SCWCD
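
The combination rule quoted in the post, modelled as an added example (not part of the original post and not Tomcat's code): under the servlet spec, the container first selects the constraints defined on the url-pattern that best matches the request, and only those are combined. The `Constraint` class, `match_rank`, `decide` and the sample patterns are hypothetical; constraints are assumed to cover all HTTP methods, and the `*` role name is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Constraint:               # hypothetical model of one <security-constraint>
    pattern: str                # a single <url-pattern>
    roles: Optional[frozenset]  # None = no <auth-constraint>; frozenset() = empty one

def match_rank(pattern, path):
    """Servlet mapping order: exact > longest prefix > extension > default."""
    if pattern == path:
        return (4, 0)
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (3, len(pattern))
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (2, 0)
    if pattern == "/":
        return (1, 0)
    return None                 # pattern does not apply to this path

def decide(constraints, path, user_roles):
    """Return 'permit' or 'deny' for an authenticated user holding user_roles."""
    ranked = [(match_rank(c.pattern, path), c) for c in constraints]
    ranked = [(r, c) for r, c in ranked if r is not None]
    if not ranked:
        return "permit"                       # unconstrained resource
    best = max(r for r, _ in ranked)
    selected = [c for r, c in ranked if r == best]  # only these are combined
    if any(c.roles == frozenset() for c in selected):
        return "deny"                         # empty auth-constraint overrides the rest
    if any(c.roles is None for c in selected):
        return "permit"                       # constraint without auth-constraint allows access
    allowed = frozenset().union(*(c.roles for c in selected))  # union of named roles
    return "permit" if allowed & set(user_roles) else "deny"

# Constructed sample data, not the poster's web.xml.
SAME_PATTERN = [Constraint("/*", frozenset({"member"})), Constraint("/*", frozenset())]
DIFFERENT = [Constraint("/index.html", frozenset({"member"})),
             Constraint("/admin/*", frozenset())]

if __name__ == "__main__":
    print(decide(SAME_PATTERN, "/index.html", {"member"}))  # deny
    print(decide(DIFFERENT, "/index.html", {"member"}))     # permit
```

The empty `<auth-constraint>` precludes access only to requests whose best-matching pattern carries it; a constraint on a different pattern is never combined with it.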
 