Clever Geek Handbook

Lots of <security-constraint> doesn't work

I have the following in GlassFish deployed EAR:

<security-constraint>
<web-resource-collection>
        <web-resource-name>Secure Pages</web-resource-name>
        <url-pattern>/restricted/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>

    <web-resource-collection>
        <web-resource-name>Secure Pages</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>

    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>

But when I add another stanza, like this, the original still works, but not the new security constraint, the new security constraint:

    <security-constraint>       
    <web-resource-collection>
        <web-resource-name>Secure Pages</web-resource-name>
        <url-pattern>/su/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>

    <auth-constraint>
        <role-name>su</role-name>
    </auth-constraint>
</security-constraint>

Does anyone see the problem?

+2


source to share


No one has answered this question yet

Check out similar questions:



More articles:


All Articles