DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25625>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25625 Security Restrictions don't apply to initial page Summary: Security Restrictions don't apply to initial page Product: Tomcat 5 Version: 5.0.16 Platform: PC OS/Version: Linux Status: NEW Severity: Normal Priority: Other Component: Unknown AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] In Tomcat 5, if you restrict a directory in web.xml, so no user can access without login: <security-constraint> <web-resource-collection> <web-resource-name>common</web-resource-name> <url-pattern>/common/*</url-pattern> <http-method>POST</http-method> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <role-name>general</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> and you define your welcome file in that directory <welcome-file-list> <welcome-file>/common/examplePage.jsp</welcome-file> </welcome-file-list> when you access to your application (Ex: localhost:8080/myApp) it access directly to examplePage (forgetting the access restriction) BUT if you access the file directly, the access restriction works (localhost:8080/myApp/common/examplePage.jsp redirects to your login page) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]