Tomcat security-constraint url-pattern not working

Question

I have been trying to get authentication in a project of mine but it seems like the url-pattern in Tomcat's security-constraint either only accepts '/*' or any other root level pattern - meaning - I can "protect" all pages using

<url-pattern>/*</url-pattern>

but if I try something like

<url-pattern>/privateClinic/*</url-pattern>

it doesn't even register leaving all pages "open"

The same goes for locking all pages and adding another, more specific security constraint without auth-constraint for the public folder

<url-pattern>/WEB-INF/*</url-pattern>

Doesn't recognize the pattern and does not "unlock" the folder

Thanks in advance!

This is the whole XML file, as it is it locks nothing (although i'd like it to!):

    <?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
  <display-name>MyClinic</display-name>


   <filter>
      <filter-name>struts2</filter-name>
      <filter-class>
         org.apache.struts2.dispatcher.FilterDispatcher
      </filter-class>
   </filter>

   <filter-mapping>
      <filter-name>struts2</filter-name>
      <url-pattern>/*</url-pattern>
   </filter-mapping>


  <servlet>
    <servlet-name>MyClinicControl</servlet-name>
    <servlet-class>ICM.WelcomeControl</servlet-class>
  </servlet>
  <!-- 
  <servlet-mapping>
    <servlet-name>MyClinicControl</servlet-name>
    <url-pattern>/myclinic</url-pattern>
  </servlet-mapping>
  -->

  <welcome-file-list>
    <welcome-file>ClinicWelcome.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>private</web-resource-name>
      <url-pattern>/privateClinic/*</url-pattern>       <!-- PROBLEM-->
   </web-resource-collection>
    <auth-constraint>
      <role-name>doctor</role-name>
    </auth-constraint>
  </security-constraint>


  <security-role>
    <role-name>doctor</role-name>
  </security-role>
  <security-role>
    <role-name>estudante</role-name>
  </security-role>


  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

</web-app>

FilterDispatcher is deprecated, please use [the new filter](http://stackoverflow.com/a/17103563/1654265). — Andrea Ligios, Mar 02 '15 at 10:59
Thanks ;) Do you have any idea how to solve my authentication problem? — HenriqueMS, Mar 02 '15 at 12:36
Look if this helps http://stackoverflow.com/a/5298740/1654265 — Andrea Ligios, Mar 02 '15 at 12:59

Tomcat security-constraint url-pattern not working

0 Answers0