Try replacing:
url-pattern/comics/url-pattern
url-pattern/comics/*/url-pattern
with:
url-pattern/*/url-pattern
This applies the security constraint to your web app (not the root of
the server). The former would only be effective on
http://thompson3:8080/comics/comics/.
- Mark
-Original Message-
From: Ed Thompson [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 22, 2002 3:42 PM
To: Tomcat Users List
Subject: security_constraint question
OK, rookie question
I have a file in $TOMCAT_HOME/webapps/comics (index.html)
$TOMCAT_HOME/webapps/comics/WEB-INF/web.xml has:
security-constraint
web-resource-collection
web-resource-nameProtected Area/web-resource-name
!-- Define the context-relative URL(s) to be protected --
url-pattern/comics/url-pattern
url-pattern/comics/*/url-pattern
!-- If you list http methods, only those methods are protected --
http-methodDELETE/http-method
http-methodGET/http-method
http-methodPOST/http-method
http-methodPUT/http-method
/web-resource-collection
auth-constraint
!-- Anyone with one of the listed roles may access this area
--
role-namecomics/role-name
/auth-constraint
/security-constraint
I have is set up for BASIC as my auth-method. Pretty much cut and paste
form the examples directory.
However, on my browser when I go to //thompson3:8080/comics, it takes me
right to index.html.
Why does it not require me to login first? What have a missed in the
Tomcat
configuration?
Help greatly appreciate - been struggling with this for a couple of
days...
(PS - the examples works great - going to
//thompson3:8080/examples/jsp/security/protected forces a login)
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]