Hi, I am trying to set up Tomcat as a secure web engine. >From the tutorial I understood that you should insert the following lines in web.xml and the password protection should work.
This works perfectly for files in the root directory (/*), it does not work for files in subdirectories, like /secure/*. Have you have ever seen this problem before? Thanks for any help -- Rosaria <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app> ... <!-- SECURITY CONSTRAINT --> <security-constraint> <web-resource-collection> <web-resource-name>Secure Pages</web-resource-name> <description>Security constraint on all files</description> <url-pattern>/*</url-pattern> <url-pattern>/secure/*</url-pattern> <http-method>POST</http-method> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <description>admin can login</description> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <description>SSL not required</description> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <session-config> <session-timeout>30</session-timeout> </session-config> <!-- LOGIN AUTHENTICATION --> <login-config> <auth-method>FORM</auth-method> <realm-name>default</realm-name> <form-login-config> <form-login-page>/LoginForm.html</form-login-page> <form-error-page>/LoginError.html</form-error-page> </form-login-config> </login-config> <!-- SECURITY ROLES --> <security-role> <description>The most secure role</description> <role-name>admin</role-name> </security-role> </web-app> -- Rosaria --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]