I'm using JDK 1.5 with Resltet 1.0.9 in a Linux environment running
Tomcat 5.5.
I have multiple url-patterns in my security constraint as shown in this
bit from my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>SecurityConstraint</web-resource-name>
<url-pattern>/firstpattern/*</url-pattern>
<url-pattern>/secondpattern/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>public</role-name>
</auth-constraint>
</security-constraint>
This works fine for the first pattern that is found, and I can call
getRequest().getChallengeResponse().getIdentifier() to obtain the
currently authenticated username. So if I call
http://myhost/mywebapp/firstpattern/do I get challenged and it's fine.
If do not close my browser and try to use the challenge response by
calling http://myhost/mywebapp/secondpattern/do I am not challenged, as
expected as I think it's cached somewhere, and then the
getRequest().getChallengeResponse() returns a null. Is this according
to spec? A bug? Or is it tied to the URL pattern somewhere only once
per webapp?
Thanks!
Dustin
--
Dustin N. Jenkins | Tel/Tél: 250.363.3101 | [EMAIL PROTECTED]
facsimile/télécopieur: (250) 363-0045
National Research Council Canada | 5071 West Saanich Rd, Victoria BC.
V9E 2E7
Conseil national de recherches Canada | 5071, ch. West Saanich, Victoria
(C.-B) V9E 2E7
Government of Canada | Gouvernement du Canada