1. Make sure you define a security-role element for 'administrator' in web.xml. Also the auth-constraint has role-name as 'administrador'. Maybe a spelling error?
2. And the role should be defined in tomcat-users.xml also. And the users in this role would alone be allowed access.

Thanks
-- pady
[EMAIL PROTECTED]

-----Original Message-----
From: Sipe Informática [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 9:40 AM
To: Struts Users Mailing List
Subject: Using Tomcat declarative security for my app

Hi! First of all, excuse my poor English...

I have this problem: My idea for securing my app was using Tomcat, so I have two directories: administrator and user, with their own JSPs. In the web.xml I was pretending to do this:

    <servlet-mapping>
      <servlet-name>action</servlet-name>
      <url-pattern>/administrator/*.do</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>action</servlet-name>
      <url-pattern>/user/*.do</url-pattern>
    </servlet-mapping>

and protect the administrative and user directories with Tomcat:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>
          Menu Administrador
        </web-resource-name>
        <url-pattern>
          /administrator/*
        </url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>administrador</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>
          /pagLogin.jsp
        </form-login-page>
        <form-error-page>
          /errorLogin.jsp
        </form-error-page>
      </form-login-config>
    </login-config>

But, even though it seems to log in correctly, it always returns a 400 error (Invalid path) to me and I can't access any .do... Is that <url-pattern> correct? Can I filter by /administrator/*.do? (I have also tried /administrator/ and it returns the same message.)
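
An added example, not part of the original thread: a small Python check for the two problems discussed above, a url-pattern such as /administrator/*.do that is not one of the Servlet specification's pattern forms, and an auth-constraint role name that matches neither a security-role declaration nor any user in tomcat-users.xml. The sample XML, the user name and the password are constructed placeholders, and the files are assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the web.xml fragments quoted in the question,
# with a <security-role> added as the reply suggests.
WEB_XML = """<web-app>
  <servlet-mapping><servlet-name>action</servlet-name>
    <url-pattern>/administrator/*.do</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection><web-resource-name>Menu Administrador</web-resource-name>
      <url-pattern> /administrator/* </url-pattern></web-resource-collection>
    <auth-constraint><role-name>administrador</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>administrator</role-name></security-role>
</web-app>"""

# Constructed tomcat-users.xml; user name and password are placeholders.
USERS_XML = """<tomcat-users>
  <role rolename="administrator"/>
  <user username="example-admin" password="CHANGE_ME" roles="administrator"/>
</tomcat-users>"""

def texts(root, parent, child):
    """Trimmed text of every <child> nested under any <parent>."""
    return [(c.text or "").strip() for p in root.iter(parent) for c in p.iter(child)]

def valid_pattern(p):
    """Servlet-spec forms: exact '/x', prefix '/x/*', extension '*.ext', default '/'."""
    if p.startswith("*."):
        return "/" not in p and "*" not in p[1:]
    return p.startswith("/") and ("*" not in p or (p.endswith("/*") and "*" not in p[:-1]))

def lint(web_xml, users_xml):
    """Return findings for bad url-patterns and roles that cannot match any user."""
    web, users = ET.fromstring(web_xml), ET.fromstring(users_xml)
    patterns = texts(web, "servlet-mapping", "url-pattern") + \
               texts(web, "web-resource-collection", "url-pattern")
    findings = [("bad-url-pattern", p) for p in patterns if not valid_pattern(p)]
    declared = set(texts(web, "security-role", "role-name"))
    # Roles actually held by at least one user in the realm file.
    held = {r.strip() for u in users.iter("user") for r in u.get("roles", "").split(",")}
    for role in texts(web, "auth-constraint", "role-name"):
        if role != "*" and role not in declared:
            findings.append(("role-not-declared", role))
        if role != "*" and role not in held:
            findings.append(("role-has-no-users", role))
    return findings

if __name__ == "__main__":
    print(lint(WEB_XML, USERS_XML))
```

With the action servlet mapped to `*.do` and the role name spelled the same in all three places, the check returns no findings while the constraint on `/administrator/*` still covers the administrator actions.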