[easier way] You can also protect by file extension or name of servlet.
-Tim
Allan Lykke Christensen wrote:
Hi all,
I've got a small problem and hope someone can point me in the right direction for a solution.
I've built a web-application running from the root context (/) that requires the users to log-in through a form. I set-up Tomcat to protect the application like so (web.xml):
<-- Snippet from web.xml //--> <security-constraint> <web-resource-collection> <web-resource-name>Protected</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>Admin</role-name> </auth-constraint> </security-constraint>
<login-config> <auth-method>FORM</auth-method> <realm-name>Protected</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> <!-- End of snippet //-->
My problem is that on my login page I have images that needs to be loaded from /images (login.jsp):
<html> <head> <title>Login page</title> </head>
<body> <img src="/images/loginheader.png" />
<form method="POST" action="j_security_check"> Username: <input type="text" name="j_username" /><br /> Password: <input type="password" name="j_password" /><br /> <input type="submit" value="Log In" /> </form>
<img src="/images/loginfooter.png" /> </body> </html>
Of course it can't load anything from /images since I've protected everything from the root up. Is there anyway to unprotect the /images directory? or will I have to do something completely different to overcome this problem?
Any comments are appreciated.
Kind regards, Allan
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]