Justin,
On 4/8/25 3:16 AM, Justin Chen wrote:
> Dear users and supporters,
>
> Currently I have two CGI scripts:
> 1. "/cgi-bin/update" //an administrative command, required role="admin"
> 2. "/cgi-bin/updateOrder" //update order, required role="biz"
>
> In order to protect the above endpoints via the web.xml security-constraints
> mechanism, how should I do it?

It should be as simple as this in your web.xml:

<web-app>
  <!-- .... -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin-stuff</web-resource-name>
      <url-pattern>/cgi-bin/update</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>biz-stuff</web-resource-name>
      <url-pattern>/cgi-bin/updateOrder</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>biz</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>

-chris
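
Added example (not part of the original message and not Tomcat code): a Python check that reads the two constraints above and reports which roles the servlet url-pattern matching rules (exact, path-prefix, extension, default) would demand for a given request path. The request paths are constructed, and the parser assumes a namespace-less web.xml in which every constraint carries an auth-constraint, as both do here.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two constraints from the reply, no XML namespace.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/cgi-bin/update</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/cgi-bin/updateOrder</url-pattern></web-resource-collection>
    <auth-constraint><role-name>biz</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def load_constraints(xml_text):
    """Return (url_pattern, roles) pairs; assumes each constraint has an auth-constraint."""
    pairs = []
    for sc in ET.fromstring(xml_text).iter("security-constraint"):
        roles = {r.text.strip() for r in sc.iter("role-name")}
        pairs += [(p.text.strip(), roles) for p in sc.iter("url-pattern")]
    return pairs

def match_rank(pattern, path):
    """Servlet url-pattern match strength (higher wins), or None if no match."""
    if pattern == path:
        return (3, len(pattern))                      # exact match
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))                   # path-prefix match, longest wins
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)                                 # extension match
    return (0, 0) if pattern == "/" else None         # default mapping

def required_roles(pairs, path):
    """Roles demanded by the best-matching pattern(s); None means unconstrained."""
    ranked = [(match_rank(p, path), roles) for p, roles in pairs]
    ranked = [(rank, roles) for rank, roles in ranked if rank is not None]
    if not ranked:
        return None
    best = max(rank for rank, _ in ranked)
    return set().union(*(roles for rank, roles in ranked if rank == best))

if __name__ == "__main__":
    pairs = load_constraints(WEB_XML)
    # Constructed request paths, relative to the context root.
    for path in ("/cgi-bin/update", "/cgi-bin/updateOrder", "/cgi-bin/update/extra", "/cgi-bin/report"):
        print(f"{path:24} -> {required_roles(pairs, path) or 'no constraint applies'}")
```

A path reported as "no constraint applies" is served without a role check, so exact patterns like these cover only the two literal paths; whether other paths under /cgi-bin reach a script depends on how the CGI servlet is mapped.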