tomcat5.5/7 建立虚拟目录后访问权限问题?
配置了虚拟目录web.xml权限部分如下:
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>TREACE</http-method>
<http-method>DELETE</http-method>
<http-method>POST</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>role1</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>role1</role-name>
</security-role>
按道理我从网上邻居(web folder)使用role1中的用户认证登陆后,只能浏览,不能下载上传删除虚拟目录中的文件
问题是 删除 或是下载的时候 居然再次弹出认证框 要求输入用户名,密码,而且正确输入之后居然能读能写也能上传下载了(不输入或者输入错误的话 就不能删除 下载 上传),这是为什么?
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>TREACE</http-method>
<http-method>DELETE</http-method>
<http-method>POST</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>role1</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>role1</role-name>
</security-role>
按道理我从网上邻居(web folder)使用role1中的用户认证登陆后,只能浏览,不能下载上传删除虚拟目录中的文件
问题是 删除 或是下载的时候 居然再次弹出认证框 要求输入用户名,密码,而且正确输入之后居然能读能写也能上传下载了(不输入或者输入错误的话 就不能删除 下载 上传),这是为什么?
作者: lgpjyf 发布时间: 2011-03-22
帮顶!!
作者: lijian8552 发布时间: 2011-03-22