Description
For example,
<web-app>
..
<security-constraint>
<web-resource-collection>
<web-resource-name>Access to all of the APP</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
..
</security-constraint>
..
</web-app>
The java.lang.IllegalArgumentException("Qualifier patterns in the URLPatternSpec cannot match the first URLPattern") exception is thrown from:
javax.security.jacc.URLPatternSpec.<init>(java.lang.String) line: 54
javax.security.jacc.WebResourcePermission.<init>(java.lang.String, java.lang.String) line: 54
org.apache.geronimo.jetty.deployment.JettyModuleBuilder.buildSpecSecurityConfig(..) line: 1000
org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(..) line: 400
Looking at the last paragraph of page 22 of the JACC spec, it seems this should be allowed as it paragraph discusses patterns being made irrelevant by the presence of the path prefix pattern "/*" in a deployment descriptor.