[GERONIMO-5578] incorrect behaviour of security-constraint configuration in web.xml - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0.0
Fix Version/s: 2.1.7, 2.2.1, 3.0.0
Component/s: Tomcat
Security Level: public (Regular issues)
Labels:
None

Description

When have following configuration in web.xml, GET and POST can be accessed by both "RoleA" and "RoleB".

<security-constraint>
<web-resource-collection>
<web-resource-name>resource2</web-resource-name>
<url-pattern>/SampleServlet2</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>RoleA</role-name>
</auth-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>resource3</web-resource-name>
<url-pattern>/SampleServlet2</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>RoleB</role-name>
</auth-constraint>
</security-constraint>

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

GERONIMO-5578.patch
15/Sep/10 02:34
10 kB
Hong Fang Han
web7.xml
26/Sep/10 08:20
2 kB
Hong Fang Han

Activity

People

Assignee:: Haihong Xu

Reporter:: Hong Fang Han

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 07/Sep/10 17:11

Updated:: 02/Nov/10 03:07

Resolved:: 27/Sep/10 06:18