jQuery in Action, 2nd edition*
The moose likes Tomcat and the fly likes Overlapping security constraints Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Overlapping security constraints" Watch "Overlapping security constraints" New topic
Author

Overlapping security constraints

Greg Donahue
Greenhorn

Joined: Oct 07, 2003
Posts: 24
Hi,
Does anyone know where in the Tomcat 4 documentation I can find details on creating "overlapping" security constraints? What I'm trying to do is guard URL patterns of the form:
/root
and
/root/*
from everyone except users with role "general_user", but then I also want to put added protections on URL patterns of the form:
/root/username/private
and
/root/username/private/*
so that these resources are guarded from everyone except users with role "specific_user:username". I know how to create roles and security constraints in my app's memory realm and the web.xml, but when I tried to do the above, the "general_user" users are allowed to access files in /root/username/private. Does anyone know what I should do?
Thanks,
Greg


vi veri veniversum vivus vici
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Overlapping security constraints