我想要不受限制地访问/gadgets/{any directory}/css/*。 我试着这样提及
<security-constraint>
<web-resource-collection>
<web-resource-name>UnProtected Area</web-resource-name>
<url-pattern>/gadgets/**/css/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/gadgets/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>LOGIN</role-name>
</auth-constraint>
</security-constraint>
但是它不起作用。
最佳答案
servlet 规范不支持您尝试使用的模式(可下载 here ):
In the Web application deployment descriptor, the following syntax is used to define mappings:
- A string beginning with a ‘/’ character and ending with a ‘/*’ suffix is used for path mapping.
- A string beginning with a ‘*.’ prefix is used as an extension mapping.
- The empty string ("") is a special URL pattern that exactly maps to the application's context root, i.e., requests of the form http://host:port//. In this case the path info is ’/’ and the servlet path and context path is empty string (““).
- A string containing only the ’/’ character indicates the "default" servlet of the application. In this case the servlet path is the request URI minus the context path and the path info is null.
- All other strings are used for exact matches only
因此,如果您需要匹配所有 CSS 文件,您的应该能够将其指定为扩展映射:
<security-constraint>
<web-resource-collection>
<web-resource-name>Unprotected Area</web-resource-name>
<url-pattern>*.css</url-pattern>
</web-resource-collection>
</security-constraint>
关于java - ** 在 web.xml 安全约束中不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36026023/