Remy Maucherat wrote: > Remy Maucherat wrote: > >>> BTW - I assume you read the discussion on authorization - the problem >>> is the same ( mapping requests URIs to constraints ), it would be good >>> if we can reuse some code. >> >> >> The mapping code is generic. I was thinking about having the mapper do >> the constraint mappings (as it's the same operation) also. > > Oops, I just remembered the mapping rules are not the same (for the > constraints, it's the first match according to the order defined in > web.xml).
Yes, don't you love the spec :-) ? It'll be very fun to watch JSR115 and the Policy - since that's a best match too ( like all web servers in the world ). Will they break the servlet spec or the java security spec ? Or both ( and invent their own rules ) ? Anyway - people who use web servers for authentication are usually aware and don't mix server auth with servlet auth ( or so I hope... - otherwise we would have had far more security reports ). Hopefully the Policy based authorization will be adopted - and the broken servlet authorization deprecated... Costin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
