This week's book giveaway is in the General Computing forum.
We're giving away four copies of Arduino in Action and have Martin Evans, Joshua Noble, and Jordan Hochenbaum on-line!
See this thread for details.
The moose likes Tomcat and the fly likes Tomcat with multiple auth-constraints Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of Arduino in Action this week in the General Computing forum!

A special promo: Enter your blog post or vote on a blogger to be featured in an upcoming Journal
JavaRanch » Java Forums » Products » Tomcat
Reply Bookmark "Tomcat with multiple auth-constraints" Watch "Tomcat with multiple auth-constraints" New topic
Author

Tomcat with multiple auth-constraints

Doug Braidwood
Ranch Hand

Joined: Apr 04, 2010
Posts: 42
posted private message
0
Quote
Hi, I'm having trouble understanding how multiple <auth-constraint> elements combine.

The servlet spec says "The special case of an authorization constraint that names no roles shall combine with any other constraints to override their affects and cause access to be precluded."

I set up a really simple test web.xml


What I would have expected is that the empty <auth-constraint> on Test1 meant that no-one could see anything. In practice, if I authenticate as a member I can see index.html fine.

Am I missing something?

SCJP, SCWCD
 
I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
 
subject: Tomcat with multiple auth-constraints
 
Similar Threads
he doesn't ask for authenticate
Keep having to login with container based authentaction.
Help in Adding two security constraint in web.xml
security-constraint login error
web.xml security constraint won't work with roles