• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

url-pattern in Security

 
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What is the difference between
<url-pattern>/</url-pattern> AND
<url-pattern>/*</url-pattern> in the Servlet Security?


I think <url-pattern>/</url-pattern> means DefaultServlet....incase any fall through in <url-pattern>.....like none matching the incoming client request....
and <url-pattern>/*</url-pattern> represent all resources.....with longest
match wins!!!
I am confused Please help me on this.Thanks in Advance...
 
Ranch Hand
Posts: 63
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I thought
was NOT allowed cos its not an exact match nor an extension match, but could it be valid for a directory match?
can somebody clarify for us please?
thanks
 
Ranch Hand
Posts: 30
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
According to the strategies of URL Mapping there are only 4 types of URL Pattern

RULE - URL Pattern

1) Exact Match - /directory1

2) Path Match - /directory1/directory2/*

3) Extension Match - *.jsp OR *.do OR *.htm OR *.html

4) Default - / (i.e. the Context Root or the Default Servlet)

So,

<url-pattern>/</url-pattern>

is the default mapping

and

there's nothing like

<url-pattern>/*</url-pattern>

this must be re-written as

<url-pattern>/this_must_be_some_directory/*</url-pattern>

NOTE :: And one more thing URL Patterns are case Sensetive

(If any one can provide some more and better information on this than that will be a great help for me also)

---------------------------------------------------------------------------

Regards,

K.Anutosh

SCJP 1.4
[ September 20, 2007: Message edited by: Anutosh Swamy ]
 
Rina Magro
Ranch Hand
Posts: 63
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Anutosh
But in HFSJ pg 586 , it says only 3 types are valid: exact match, directory match and extension match. Im a bit confused. Please help!
also i thought theres nothing wrong in writing:
<url-pattern>/*</url-pattern> ...?

thanks
Rina
 
Anutosh Swamy
Ranch Hand
Posts: 30
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Rina,

In HFJS there are only 3 types of patterns that's true, also there's nothing wrong in using <url-pattern>/</url-pattern> it is legal because it is the default mapping for any servlets as every URL must match / i.e. the context root

And regarding <url-pattern>/*</url-pattern> you are true that there is nothing wrong in this as well.

In Section SRV.6.2.4 Configuration of Filters in a Web Application of the Servlet2.4 SPEC for filter mapping we can use

<url-pattern>/*</url-pattern>

because every request URI matches the �/*� URL pattern.

AND

In Section SRV.12.8.2, Example of the Servlet2.4 SPEC it is mentioned that we can use <url-pattern>/*</url-pattern>

<security-constraint>
<web-resource-collection>
<web-resource-name>restricted methods</web-resource-name>
<url-pattern>/*</url-pattern>
----
----
---
</web-resource-collection>
<auth-constraint/>
</security-constraint>

AND I think there is no difference in using / or /* both performs the same thing BUT I never came across <url-pattern>/*</url-pattern> in servlet-mapping if you get some clarification regarding this do let me know

-------------------------------------------------------------------------
Regards,

K.Anutosh

SCJP 1.4
 
James Mark
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think Christophe Verre can help us.
so confusing stuff. :roll:
 
Rina Magro
Ranch Hand
Posts: 63
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have developed a portal app on Weblogic and i got this filter automatically in my web.xml for the app:
<filter-mapping>
<filter-name>PortalServletFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>

So do i take it <url-pattern>*</url-pattern> is valid for servlet mappings and servlet security declarations too, (note just the * is the value)?
thanks lots
Rina
 
Please enjoy this holographic presentation of our apocalyptic dilemma right after this tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic