Steve, I looked at mine and that looks correct. Try commenting one of the constraints, restart Tomcat and test it.
But I do recall, I had a little bit of problem with mine working, and it turned out, after I rebooted my entire box (I run Win2K), all the constraints seemed to work, -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, July 24, 2006 8:13 AM To: users@tomcat.apache.org Subject: Multiple security-constraint elements I am trying to set up restricted access to several folders within the = same engine context. I have a web.xml file within the WEB-INF folder, and can get a single = security constraint to work OK. When I try and set up a second one, = nothing happens, and the second constraint is never respected. The current web.xml is pasted below. <?xml version=3D"1.0" encoding=3D"ISO-8859-1"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD = WebApplication 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app> <security-constraint> <display-name>Login for Admin Privileges</display-name> <web-resource-collection> <web-resource-name>Admin Group Access</web-resource-name> <url-pattern>/admin/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <security-constraint> <display-name>Login for Family CUG</display-name> <web-resource-collection> <web-resource-name>Diane's Poetry Data</web-resource-name> <url-pattern>/poetry/*</url-pattern> <url-pattern>/family/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>family</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Restricted Access</realm-name> </login-config> <security-role> <description>This role includes all members permitted to perform = admin tasks</description> <role-name>admin</role-name> </security-role> <security-role> <description>This role describes CUG of family members</description> <role-name>family</role-name> </security-role> </web-app> Any suggestions, please... Steve --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]