Message-ID: <[EMAIL PROTECTED]>
I read in org.apache.tomcat.request.JDBCRealm.java that the proper URI
should be "/j_security_check", and that if the preceeding "/" is not
present, or if another path is prepended, the path is normalized to
"/j_security_check".
If this URI is recognized, and the path requires security handling,
JDBCRealm.java then prepares a SQL statement to query the database, using
the information specified in the JDBC <RequestInterceptor> in server.xml.
Now, if only I could get it to trigger...
Mike
"McCay, Larry" wrote:
> vVolf,
>
> I have observed the same behavior on 3.1 and 3.2.1.
>
> I am going to dig in a little deeper to see what security functionality is
> supported at all.
>
Form based security was not supported in Tomcat 3.1, but is supported in 3.2
and 4.0.
Note that you do ***not*** provide a "j_security_check" class. That URI is
handled by Tomcat. The only thing your webapp includes related to security
is
a form login page and a form error page.
See the "examples" application included with Tomcat. It uses form-based
security to protect the following URL:
http://localhost:8080/examples/jsp/security/protected
>
> thanks,
>
> -larry
>
Craig McClanahan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
