mit*_*dir 13 java web.xml servlets security-constraint
我在web.xml中输入了以下安全约束.我的目标是XML文件位于Public区域.这适用于该/images/*文件夹.但是url-pattern *.xml似乎不起作用.有任何想法吗 ?
<security-constraint>
<web-resource-collection>
<web-resource-name>Public Area</web-resource-name>
<url-pattern>/xyz</url-pattern>
<url-pattern>/images/*</url-pattern>
<url-pattern>/yyz/*</url-pattern>
<url-pattern>*.xml</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Super User Area</web-resource-name>
<url-pattern>/test/list1</url-pattern>
<url-pattern>/test/list2</url-pattern>
<url-pattern>/test/list3</url-pattern>
<url-pattern>/test/admin.html</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>SUPER_USER</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
<role-name>END_USER</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>Super User</description>
<role-name>SUPER_USER</role-name>
</security-role>
<security-role>
<description>Admin User</description>
<role-name>ADMIN</role-name>
</security-role>
<security-role>
<description>End User</description>
<role-name>END_USER</role-name>
</security-role>
您的其他一个URL模式匹配的不仅仅是这个url-pattern- *.xml requestURI,这就是它无法正常工作的原因.例如,如果您有/test/list/user.xml,那么这将被视为超级用户区域中的Web资源集合,因此SUPER_USER只能访问.因此,请确保声明url-pattern更具体,以避免冲突和错误解释.谢谢
| 归档时间: |
|
| 查看次数: |
41320 次 |
| 最近记录: |