• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

security-constrain and security-role

 
Elinor Chang
Ranch Hand
Posts: 58
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am trying to config my tomcat to restrict the usage of POST method to any of my pages. I configure as the following in the web.xml
<security-constraint>
<display-name> Privileged user only </display-name>
<web-resource-collection>
<web-resource-name></web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>
Defines privileged user for this tomcat installation
</description>
<role-name>amdin</role-name>
</security-role>
It seems working but I got 'error' is a 500 and I am expecting a 404. There is the error massage
HTTP Status 500 - Configuration error: Cannot perform access control without an authenticated principal
Is there anything I did wrong?
Thanks
Elinor
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic