jQuery in Action, 3rd edition
The moose likes Tomcat and the fly likes Overlapping security constraints Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Overlapping security constraints" Watch "Overlapping security constraints" New topic

Overlapping security constraints

Greg Donahue

Joined: Oct 07, 2003
Posts: 24
Does anyone know where in the Tomcat 4 documentation I can find details on creating "overlapping" security constraints? What I'm trying to do is guard URL patterns of the form:
from everyone except users with role "general_user", but then I also want to put added protections on URL patterns of the form:
so that these resources are guarded from everyone except users with role "specific_user:username". I know how to create roles and security constraints in my app's memory realm and the web.xml, but when I tried to do the above, the "general_user" users are allowed to access files in /root/username/private. Does anyone know what I should do?

vi veri veniversum vivus vici
I agree. Here's the link: http://aspose.com/file-tools
subject: Overlapping security constraints
It's not a secret anymore!