- This will not work at all (several wildcards):
<url-pattern>/stations/*/departure/*</url-pattern>
- This will not work as expected, because only one security constraint will be checked (both constraints work separately):
<security-constraint>
<display-name>Station 14 constraint</display-name>
<web-resource-collection>
<web-resource-name>All station 14'th resources</web-resource-name>
<url-pattern>/stations/14/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>STATION_14</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>View arrival constraint</display-name>
<web-resource-collection>
<web-resource-name>View arrival page</web-resource-name>
<url-pattern>/stations/14/arrival/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>VIEW_ARRIVAL</role-name>
</auth-constraint>
</security-constraint>
Tuesday, April 7, 2009
web.xml security limitations
It appears that web.xml security is kinda useless in the real world - it has few severe limitations:
Subscribe to:
Posts (Atom)