Hi:

I would think if, in web.xml, the <url-pattern> in the <security-constraint>
and in the <servlet-mapping> were identical then security would be enforced.
But this does not seem to be happening. For example:

<servlet>
    <servlet-name>Test</servlet-name>
    <servlet-class>test.test.TestServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Test</servlet-name>
    <url-pattern>/test</url-pattern>
</servlet-mapping>

should be protected with a login screen if I have

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Everthing</web-resource-name>
        <url-pattern>/test</url-pattern>
        <http-method>*</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>users</role-name>
    </auth-constraint>
</security-constraint>

This does not cause the login screen to come up as expected. I tried
<url-pattern> /* but that caused all kinds of problems. /test/* didn't work
either. If I attempt to protect a JSP or HTML file - that works fine, so I
know it has nothing to do with the principals.xml or roles I have setup for
the web app.

Any ideas?

Kit Cragin
VP of Product Development
Mongoose Technology, Inc.
www.mongoosetech.com



Reply via email to