Hi:
I would think if, in web.xml, the <url-pattern> in the <security-constraint>
and in the <servlet-mapping> were identical then security would be enforced.
But this does not seem to be happening. For example:
<servlet>
<servlet-name>Test</servlet-name>
<servlet-class>test.test.TestServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Test</servlet-name>
<url-pattern>/test</url-pattern>
</servlet-mapping>
should be protected with a login screen if I have
<security-constraint>
<web-resource-collection>
<web-resource-name>Everthing</web-resource-name>
<url-pattern>/test</url-pattern>
<http-method>*</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>users</role-name>
</auth-constraint>
</security-constraint>
This does not cause the login screen to come up as expected. I tried
<url-pattern> /* but that caused all kinds of problems. /test/* didn't work
either. If I attempt to protect a JSP or HTML file - that works fine, so I
know it has nothing to do with the principals.xml or roles I have setup for
the web app.
Any ideas?
Kit Cragin
VP of Product Development
Mongoose Technology, Inc.
www.mongoosetech.com
