DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41843>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41843 Summary: weak <security-constraint> accesses blocking behaviour Product: Tomcat 5 Version: 5.5.20 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Webapps:Administration AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] using Tomcat 5.5.20, in my web.xml I added <security-constraint> <web-resource-collection> <web-resource-name>private</web-resource-name> <url-pattern>/private/*</url-pattern> </web-resource-collection> <auth-constraint> <description>No Access</description> </auth-constraint> </security-constraint> but if in the webapp docBase a directory with "private" name exists, it doesn't block access to it. Otherwise, if no directory with "private" name exists in the docBase, it works fine. In Tomcat 5.5.9 it works always fine, since it blocks accesses either if "private" directory exists or not. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
