JR Galia
Reputation: 17269
AppEngine Security Constraint URL pattern
Currently, I have this security constraint for my GAE app.
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin Resources</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
I want to have the same security constraint on all URL with the word admin e.g. /user/admin, /m/admin/index.jsp.
What url-pattern will work?
Upvotes: 0
Views: 880
Answers (1)
proppy
Reputation: 10504
I would recommend to use multiple <url-pattern> in your <security-constraint>, this will make it more obvious when browsing web.xml what are the constraints of each root URLs:
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin Resources</web-resource-name>
<url-pattern>/admin/*</url-pattern>
<url-pattern>/m/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
Upvotes: 2
Related Questions
- Security constraint is not working in App engine Standard java
- Accessing URL on google app engine
- GAE task, are the urls secure by design?
- How to use security contraint to protect part of url?
- AppEngine Security Constraint w/ Invalid Content was found starting with element url-pattern
- Google AppEngine: custom authentication
- How to secure URL parameters in java
- How to make urls secure on GAE using the django_wsgi builtin
- Defining servlet url patterns using regular expressions on Google App Engine platform
- Google Appengine URL security