Mark,

On 4/8/25 5:40 PM, Mark Thomas wrote:
8 Apr 2025 21:45:50 Christopher Schultz <ch...@christopherschultz.net>:

Justin,

On 4/8/25 3:16 AM, Justin Chen wrote:
Dear users and supporters,
Currently I have two CGI scripts:
1. "/cgi-bin/update" //an administrative command, required role="admin"
2. "/cgi-bin/updateOrder" //update order, required role="biz"
In order to protect the above endpoints via the web.xml security-constraints mechanism, what shall I do?

It should be as simple as this in your web.xml:

Whether the below is correct depends on how the CGI Servlet is mapped. And the OP hasn't provided that information.

+1

I first wrote, then deleted three paragraphs on that exact topic before sending my reply. I didn't want to go into too much detail because it really depends upon the use case.

The best thing to do is declare exactly one CGI script per url-pattern, then match all security constraints matching each of those url-patterns.

-chris
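
An added illustration of the "one CGI script per url-pattern" advice above (not taken from any message in this thread). It assumes the CGI servlet is named `cgi` and mapped to `/cgi-bin/*`, that the roles `admin` and `biz` come from the configured Realm, and that BASIC authentication is acceptable; a different servlet mapping changes which patterns are needed.

```xml
<!-- Added example, not from the thread. Assumption: CGIServlet is mapped as below. -->
<servlet-mapping>
  <servlet-name>cgi</servlet-name>
  <url-pattern>/cgi-bin/*</url-pattern>
</servlet-mapping>

<!-- Script 1: /cgi-bin/update, role "admin". -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>CGI update</web-resource-name>
    <!-- A path pattern /x/* also matches /x itself, so this covers /cgi-bin/update
         and /cgi-bin/update/<extra path info>, but not /cgi-bin/updateOrder. -->
    <url-pattern>/cgi-bin/update/*</url-pattern>
    <!-- No http-method elements: the constraint applies to every HTTP method. -->
  </web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint>
</security-constraint>

<!-- Script 2: /cgi-bin/updateOrder, role "biz". -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>CGI updateOrder</web-resource-name>
    <url-pattern>/cgi-bin/updateOrder/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>biz</role-name></auth-constraint>
</security-constraint>

<!-- Everything else under /cgi-bin: an empty auth-constraint denies all access.
     The best-matching (longest) pattern wins, so the two scripts above keep their own rules. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Other CGI scripts</web-resource-name>
    <url-pattern>/cgi-bin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>

<login-config><auth-method>BASIC</auth-method></login-config>
<security-role><role-name>admin</role-name></security-role>
<security-role><role-name>biz</role-name></security-role>
```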


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
