Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Overlapping security constraints

 
Greg Donahue
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
Does anyone know where in the Tomcat 4 documentation I can find details on creating "overlapping" security constraints? What I'm trying to do is guard URL patterns of the form:
/root
and
/root/*
from everyone except users with role "general_user", but then I also want to put added protections on URL patterns of the form:
/root/username/private
and
/root/username/private/*
so that these resources are guarded from everyone except users with role "specific_user:username". I know how to create roles and security constraints in my app's memory realm and the web.xml, but when I tried to do the above, the "general_user" users are allowed to access files in /root/username/private. Does anyone know what I should do?
Thanks,
Greg
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic