• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

url-pattern in Security

 
James Mark
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is the difference between
<url-pattern>/</url-pattern> AND
<url-pattern>/*</url-pattern> in the Servlet Security?


I think <url-pattern>/</url-pattern> means DefaultServlet....incase any fall through in <url-pattern>.....like none matching the incoming client request....
and <url-pattern>/*</url-pattern> represent all resources.....with longest
match wins!!!
I am confused Please help me on this.Thanks in Advance...
 
Rina Magro
Ranch Hand
Posts: 63
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I thought
was NOT allowed cos its not an exact match nor an extension match, but could it be valid for a directory match?
can somebody clarify for us please?
thanks
 
Anutosh Swamy
Ranch Hand
Posts: 30
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
According to the strategies of URL Mapping there are only 4 types of URL Pattern

RULE - URL Pattern

1) Exact Match - /directory1

2) Path Match - /directory1/directory2/*

3) Extension Match - *.jsp OR *.do OR *.htm OR *.html

4) Default - / (i.e. the Context Root or the Default Servlet)

So,

<url-pattern>/</url-pattern>

is the default mapping

and

there's nothing like

<url-pattern>/*</url-pattern>

this must be re-written as

<url-pattern>/this_must_be_some_directory/*</url-pattern>

NOTE :: And one more thing URL Patterns are case Sensetive

(If any one can provide some more and better information on this than that will be a great help for me also)

---------------------------------------------------------------------------

Regards,

K.Anutosh

SCJP 1.4
[ September 20, 2007: Message edited by: Anutosh Swamy ]
 
Rina Magro
Ranch Hand
Posts: 63
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Anutosh
But in HFSJ pg 586 , it says only 3 types are valid: exact match, directory match and extension match. Im a bit confused. Please help!
also i thought theres nothing wrong in writing:
<url-pattern>/*</url-pattern> ...?

thanks
Rina
 
Anutosh Swamy
Ranch Hand
Posts: 30
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Rina,

In HFJS there are only 3 types of patterns that's true, also there's nothing wrong in using <url-pattern>/</url-pattern> it is legal because it is the default mapping for any servlets as every URL must match / i.e. the context root

And regarding <url-pattern>/*</url-pattern> you are true that there is nothing wrong in this as well.

In Section SRV.6.2.4 Configuration of Filters in a Web Application of the Servlet2.4 SPEC for filter mapping we can use

<url-pattern>/*</url-pattern>

because every request URI matches the �/*� URL pattern.

AND

In Section SRV.12.8.2, Example of the Servlet2.4 SPEC it is mentioned that we can use <url-pattern>/*</url-pattern>

<security-constraint>
<web-resource-collection>
<web-resource-name>restricted methods</web-resource-name>
<url-pattern>/*</url-pattern>
----
----
---
</web-resource-collection>
<auth-constraint/>
</security-constraint>

AND I think there is no difference in using / or /* both performs the same thing BUT I never came across <url-pattern>/*</url-pattern> in servlet-mapping if you get some clarification regarding this do let me know

-------------------------------------------------------------------------
Regards,

K.Anutosh

SCJP 1.4
 
James Mark
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think Christophe Verre can help us.
so confusing stuff. :roll:
 
Rina Magro
Ranch Hand
Posts: 63
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have developed a portal app on Weblogic and i got this filter automatically in my web.xml for the app:
<filter-mapping>
<filter-name>PortalServletFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>

So do i take it <url-pattern>*</url-pattern> is valid for servlet mappings and servlet security declarations too, (note just the * is the value)?
thanks lots
Rina
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic