users@glassfish.java.net

Re: permissions - how to ?

From: <Ronald.Monzillo_at_Sun.COM>
Date: Mon, 14 Dec 2009 11:24:57 -0500

On 12/12/09 04:52, Felipe Gaścho wrote:
> I am trying to allow any user to access my application, keeping some
> constraints to certain resources only...
>
> if I edit by hand the granted.policy file it works:
>

Hi Felipe,

BTW, I tried to comment on your post at:

http://weblogs.java.net/blog/2006/01/04/security-manager-enabled-your-server

but couldn't figure out how to do so. Anyway, some of the stuff you say in there about the role of the SecurityManager wrt Java EE apps is misleading.

You may find the info in the following helpful:

http://blogs.sun.com/monzillo/entry/policy_files_the_securitymanager_and

> grant {
> permission java.security.AllPermission "/";
>
> }
>
> now I am trying to define such a permission through the web.xml file:
>
> <security-constraint>
> <display-name>Trying to allow others</display-name>
> <web-resource-collection>
> <web-resource-name>Test</web-resource-name>
> <description />
> <url-pattern>/*</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> <http-method>DELETE</http-method>
> </web-resource-collection>
> </security-constraint>
>
> it is not working.......
>
>
A security constraint is composed of 2 high-level parts:

1. one or more web-resource collections that define the paths and http methods at those paths, to which the security protection defined within the constraint applies

2. the definition of the security protection, an auth-constraint and/or a userdata-constraint

In your example above, you have not defined the security protection, which means that no protection applies to the paths and http methods defined by your constraint.

Take a look at the servlet spec for a more complete description of security-constraints, and the @ServletSecurity annotation.

Ron


> how to do that ?
>
>
>
>
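
A check for the gap described in the reply above, as an added example that is not part of the original message: it parses a web.xml string and flags every security-constraint that defines resource collections but no protection part. The descriptor is constructed; the second constraint, its `/members/*` path, the role name `user`, and the function names are assumptions for illustration.

```python
import xml.etree.ElementTree as ET
# Constructed descriptor: the first constraint is the one from the post, the
# second is an assumed corrected form (its path and role name are made up).
WEB_XML = """<web-app>
  <security-constraint>
    <display-name>Trying to allow others</display-name>
    <web-resource-collection>
      <web-resource-name>Test</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
      <http-method>PUT</http-method><http-method>DELETE</http-method>
    </web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Members</web-resource-name>
      <url-pattern>/members/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace, if any

def texts(node, name):
    return [e.text.strip() for e in node.iter()
            if local(e.tag) == name and e.text and e.text.strip()]

def audit_constraints(xml_text):
    """Describe both parts of each security-constraint in a web.xml string."""
    report = []
    for sc in ET.fromstring(xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        has_auth = any(local(c.tag) == "auth-constraint" for c in sc)
        # roles: None = no auth-constraint at all, [] = one that names no role
        roles = texts(sc, "role-name") if has_auth else None
        transport = (texts(sc, "transport-guarantee") or ["NONE"])[0]
        report.append({"patterns": texts(sc, "url-pattern"), "roles": roles,
                       "transport": transport,
                       "unprotected": roles is None and transport == "NONE"})
    return report

for r in audit_constraints(WEB_XML):
    print(r["patterns"], "NO PROTECTION DEFINED" if r["unprotected"] else r)
```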