hi even i put jsp page in protected folder i am able to access them directly in tomcat 5.0.
i am able to access these resticted pages directly http://localhost:8080/protected/*.jsp what i have to do to restrict this this is my web.xml page <?xml version="1.0" encoding="UTF-8"?> <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <display-name>ChartCreatorWebApp</display-name> <security-constraint> <web-resources-collection> <web-resources-name>protected</web-resources-name> <url-pattern>/protected/*.jsp</url-pattern> </web-resources-collection> </security-constraint> <welcome-file-list> <welcome-file>first.jsp</welcome-file> </welcome-file-list> <resource-ref> <description>Oracle Datasource example</description> <res-ref-name>jdbc/myoracle</res-ref-name> <res-type>javax.sql.DataSource</res-type> <res-auth>Container</res-auth> </resource-ref> </web-app> do tell to put folder in web-inf folder -- View this message in context: http://www.nabble.com/in-tomca-5-.0.*-my-security-constraint-is-not-working-why-t1844865.html#a5035656 Sent from the Tomcat - User forum at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]