File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes Overlapping security constraints Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Head First Android this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Overlapping security constraints" Watch "Overlapping security constraints" New topic

Overlapping security constraints

Greg Donahue

Joined: Oct 07, 2003
Posts: 24
Does anyone know where in the Tomcat 4 documentation I can find details on creating "overlapping" security constraints? What I'm trying to do is guard URL patterns of the form:
from everyone except users with role "general_user", but then I also want to put added protections on URL patterns of the form:
so that these resources are guarded from everyone except users with role "specific_user:username". I know how to create roles and security constraints in my app's memory realm and the web.xml, but when I tried to do the above, the "general_user" users are allowed to access files in /root/username/private. Does anyone know what I should do?

vi veri veniversum vivus vici
jQuery in Action, 3rd edition
subject: Overlapping security constraints
It's not a secret anymore!