Servlet web.xml authentication for welcome page
Question
I have a web.xml which looks like:
<web-app>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Default</web-resource-name>
            <url-pattern>/</url-pattern>
        </web-resource-collection>
        <auth-constraint/>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Index page</web-resource-name>
            <url-pattern>/index.jsp</url-pattern>
            <url-pattern>/</url-pattern>
            <http-method>GET</http-method>
            <http-method>HEAD</http-method>
        </web-resource-collection>
    </security-constraint>
    ...
We want to deny access to resources by default, and specify the resources we want to allow access to.
If a user goes to http://localhost:8080/ they get access denied; however, if they go to http://localhost:8080/index.jsp it allows them in. Both URLs should show the same page, and both should be allowed. What am I doing wrong here?
Solution
I think the thing to do will be to specify /* to catch the default, and do specific patterns like /somethingElse.jsp to catch any other pages that are not index.jsp. Hopefully your top level "directory" isn't very cluttered.
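Why the question's two URLs behave differently, as an added example that is not part of the original post or answer: a simplified Python model of how the Servlet specification picks the best-matching url-pattern and combines the constraints declared on it, for an unauthenticated GET. The names match_rank, decide and ANSWER_VARIANT (one reading of the answer's /* suggestion) are assumptions; HTTP methods and roles are not modelled.

```python
# Simplified model of servlet security-constraint selection for an
# unauthenticated GET. Constructed for illustration; not container code.

DENY_ALL = "empty auth-constraint"  # <auth-constraint/> present with no roles
OPEN = "no auth-constraint"         # element absent: no role check

# (url-patterns, auth) pairs transcribed from the question's web.xml
QUESTION_CONSTRAINTS = [
    (["/"], DENY_ALL),
    (["/index.jsp", "/"], OPEN),
]

# Assumed reading of the answer: deny on /*, open specific pages by exact path
ANSWER_VARIANT = [
    (["/*"], DENY_ALL),
    (["/index.jsp"], OPEN),
]

def match_rank(pattern, path):
    """Sort key for how well pattern matches path, or None if it does not.
    Precedence: exact match, longest path prefix, extension, default."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)
    if pattern == "/":
        return (0, 0)
    return None

def decide(constraints, path):
    """Return 'allowed' or 'denied' for an unauthenticated GET to path."""
    ranked = [(match_rank(p, path), p) for pats, _ in constraints for p in pats]
    ranked = [(r, p) for r, p in ranked if r is not None]
    if not ranked:
        return "allowed"  # no constraint covers this path
    best = max(ranked)[1]  # only the best-matching pattern is consulted
    auths = [auth for pats, auth in constraints if best in pats]
    # An empty auth-constraint overrides any other constraint on the same pattern.
    return "denied" if DENY_ALL in auths else "allowed"

if __name__ == "__main__":
    for path in ("/", "/index.jsp", "/other.jsp"):
        print("question", path, decide(QUESTION_CONSTRAINTS, path))
    for path in ("/index.jsp", "/admin.jsp"):
        print("variant ", path, decide(ANSWER_VARIANT, path))
```

In the question's file the pattern / appears in both constraints, so the empty auth-constraint wins for every request that lands on it, while /index.jsp is an exact match found only in the open constraint.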
Licensed under: CC-BY-SA with attribution