US SSA said: > Rod, > > I am sorry, but I am not 100% following you... > > Yes, you are right. I have the following situation: > > I am trying url: localhost/xxxWEB/
I think it would work if you set the welcome-file element to send the user by default to localhost/xxxWEB/login.html (or index.html or whatever) where the login form could reside. The welcome.jsp page should not be a default page if it is protected, or it will be served before the user is authenticated. Since login.html or whatnot is not a jsp page, it won't be protected by a security-constraint such as /*.jsp, and it will be able to be accessed. > This gets forwared by the <welcome-page> to welcome.jsp, which I want to > be protected. > welcome.jsp page is in xxxWEB/ directory. > > Could you explain what you are suggesting again? --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]