[JIRA] Commented: (SERVLET_SPEC-30) Configure default behavior of url pattern not covered by security constraint

  • From: "gregwilkins (JIRA)" <jira-no-reply@...>
  • To: issues@...
  • Subject: [JIRA] Commented: (SERVLET_SPEC-30) Configure default behavior of url pattern not covered by security constraint
  • Date: Tue, 31 Jan 2012 01:53:40 +0000 (GMT+00:00)
  • Auto-submitted: auto-generated


    [ http://java.net/jira/browse/SERVLET_SPEC-30?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=330279#action_330279 ]

gregwilkins commented on SERVLET_SPEC-30:
-----------------------------------------

Note that this used to be very difficult to do because it was impossible to 
add a constraint that forbade /* and then to add other constraints that 
relaxed the criteria on other URIs - because it was impossible to explicitly 
match "/".

Now with the "" pattern matching root, it is possible to use normal 
constraints to implement a deny by default and permit by specific pattern 
approach. So maybe we don't need a change in the spec for this.

> Configure default behavior of url pattern not covered by security constraint
> ----------------------------------------------------------------------------
>
>                 Key: SERVLET_SPEC-30
>                 URL: http://java.net/jira/browse/SERVLET_SPEC-30
>             Project: servlet-spec
>          Issue Type: New Feature
>            Reporter: Shing Wai Chan
>            Assignee: Shing Wai Chan
>
> If an url pattern is not covered by security-constraint, then the default 
> behavior is "permit all".
> One would like to configure the default behavior to be "deny all".

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://java.net/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
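
The deny-by-default arrangement described in the comment above, written out as a `web.xml` fragment. This is an added example, not part of the original message or of the servlet-spec project; the paths `/public/*` and `/app/*` and the role name `user` are assumptions, and it presumes a Servlet 3.0 container that applies the `""` root pattern to security constraints as the comment describes.

```xml
<!-- Added example; paths and the role name are assumed for illustration. -->

<!-- 1. Deny by default: an empty auth-constraint permits no role, and with
     no http-method elements the constraint covers every HTTP method. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>deny-by-default</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>

<!-- 2. Relax the context root: "" is an exact match for the root, so it is
     a better match than /*. No auth-constraint means access is permitted. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>context-root</web-resource-name>
    <url-pattern></url-pattern>
  </web-resource-collection>
</security-constraint>

<!-- 3. Relax a public subtree: the longer path prefix wins over /*. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>public</web-resource-name>
    <url-pattern>/public/*</url-pattern>
  </web-resource-collection>
</security-constraint>

<!-- 4. Relax an authenticated subtree to a single role. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>application</web-resource-name>
    <url-pattern>/app/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>

<security-role>
  <role-name>user</role-name>
</security-role>
```

Any request URI that matches none of the relaxed patterns falls through to the `/*` constraint and is refused. Listing `http-method` elements in any of these collections would leave the unlisted methods outside that constraint, so the fragment deliberately omits them.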

        


[JIRA] Created: (SERVLET_SPEC-30) Configure default behavior of url pattern not covered by security constraint

Shing Wai Chan (JIRA) 01/17/2012

[JIRA] Commented: (SERVLET_SPEC-30) Configure default behavior of url pattern not covered by security constraint

gregwilkins (JIRA) 01/31/2012