"Christopher Schultz" <ch...@christopherschultz.net> wrote in message news:4ab3f5f1.5060...@christopherschultz.net... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Peter, > > On 9/18/2009 4:34 PM, Peter Holcomb wrote: >> Thanks for your response. I've read through the example in 13.7.2 of >> the spec > > Which version of the spec? I don't see a section 13.8 at all in either > 2.4 or 2.5 of the spec. I see the heading "Combining Constraints" listed > under 12.7.1. > >> but I don't think I'm understanding how the union works. > > I think Tim is incorrect, here. Neither the url-pattern nor the > http-methods overlap, therefore no combining should occur. >
I haven't checked the Servlet 3 spec, but with earlier versions, the union process is to give you the *least* restrictive checking (i.e. you just have to pass one constraint to pass). And, yes, the url-patterns in this case overlap since '/*' and '*.xhtml' both apply to /myapp/foobar.xhtml. There is no provision for 'best match' on url-pattern like there is for servlet-mapping. So Tim is right, and Tomcat is doing what the spec says it should do. Complaints would have to be sent to the Servlet spec expert group ;). >> According to my thought process, the url patterns are: >> >> *.xhtml - access precluded >> >> /* PUT,DELETE,TRACE,OPTIONS - access precluded > > The example I see in 12.7.2 seems to support your expectations. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkqz9fEACgkQ9CaO5/Lv0PCyhQCghhbzT4ruq1in03G4GTbsI2DD > v7UAmgKCOefa4O0gcDBTsnDHHePDDSY9 > =UViR > -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
