Reputation: 16
Tomcat url-pattern problems
I'm trying to secure my webapplication using tomcats security constraint. Therefore i added a folder "prot", I want to secure through the url-pattern in the web.xml. When I change the tag to <url-pattern>/prot</url-pattern> my login page doesn't appear, therefor the file i wanted to protect. Wehn I change the path to <url-pattern>/*</url-pattern> the page login-page appears, but without any javascript i defined in a separate file (which is blocked from tomcat?).
On the context i added the path /mywebapp/prot. How do i secure the folder prot ? Thanks in advance!
Upvotes: 0
Views: 800
Answers (1)
Reputation: 29814
You should secure by default and unsecure what you want.
The constraints must be declared from the most specific to the most generic in web.xml, so that you match the most specific first.
<security-constraint>
<web-resource-collection>
<web-resource-name>Unsecure resources</web-resource-name>
<url-pattern>/unsecure</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>authenticated</role-name>
</auth-constraint>
</security-constraint>
Upvotes: 2
Related Questions
- java.lang.IllegalArgumentException: Invalid <url-pattern> in servlet mapping
- web.xml URL pattern
- url-pattern in web.xml not recognising multiple url
- URL patterns in web.xml too permissive?
- War deployment exception
- why *.jsp url pattern in web.xml does not work
- url-pattern Servlet Tomcat 7.0
- Tomcat Web xml URL-Pattern does not accept urls with parameters?
- Trouble with web.xml url pattern
- web.xml URL pattern matching question for Tomcat