This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Tomcat and the fly likes Overlapping security constraints Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Overlapping security constraints" Watch "Overlapping security constraints" New topic
Author

Overlapping security constraints

Greg Donahue
Greenhorn

Joined: Oct 07, 2003
Posts: 24
Hi,
Does anyone know where in the Tomcat 4 documentation I can find details on creating "overlapping" security constraints? What I'm trying to do is guard URL patterns of the form:
/root
and
/root/*
from everyone except users with role "general_user", but then I also want to put added protections on URL patterns of the form:
/root/username/private
and
/root/username/private/*
so that these resources are guarded from everyone except users with role "specific_user:username". I know how to create roles and security constraints in my app's memory realm and the web.xml, but when I tried to do the above, the "general_user" users are allowed to access files in /root/username/private. Does anyone know what I should do?
Thanks,
Greg


vi veri veniversum vivus vici
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Overlapping security constraints
 
Similar Threads
How to set a user's role
security constraints - login doesnt work
access control with realm db
howto config two security-constraints?
Studying HeadFirst book: cannot make authentification