leo,
thanks for the suggestion, and sorry for the delay in resolving this.
I think there is relatively complete solution, that I will include in the jacc MR, and that will not require any additional syntax in web.xml or in the permission constructors.
It is a composite of some of techniques I outlined in my earlier note. That is, I will that
containers use escaped encoding (as defined in RFC 2396) on colon characters occuring
1. within url-patterns obtained from web.xml, and
2. within patterns extracted from HttpServletRequest objects and used to create the names of checked WebResourcePermission and WebUserDataPermission objects.
I have started making the spec changes, and am testing the code changes.
Did you already create a Glassfish issue? if not can you do so.
thanks,
Ron
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=273886