Hi folks! I'm observing a couple of problems with security-constraints, and I'd like to know wether I'm encountering bugs in Tomcat or simply doing something stupid. Here are the details: I have a constraint that is setup like this:
<security-constraint> <web-resource-collection> <web-resource-name>Test</web-resource-name> <url-pattern>/servlet/HelloWorld</url-pattern> <url-pattern>*.event</url-pattern> </web-resource-collection> <auth-constraint> <role-name>User</role-name> </auth-constraint> </security-constraint> 1. URL patterns with wildcards do not seem to be matching. For instance, given a url of http://localhost:8080/MyApp/GoHome.event, when I use the following url patterns, I do not get challenged: <url-pattern>/*.event</url-pattern> <url-pattern>*.event</url-pattern> If I use the specific url, however: <url-pattern>/GoHome.event</url-pattern> then it does in fact work and I get prompted for user/pwd as expected. So my question is, am I doing somethign wrong or is this in fact a bug? 2. When I try and access Tomcat directly on port 8080 using http://localhost:8080/MyApp/servlet/HelloWorld, I get challenged as expected. When I try to access the exact same URL through IIS using http://localhost/MyApp/servlet/HelloWorld, I don't get challenged at all; I just immediately get an access denied error message. If I remove the url pattern for /servlet/HelloWorld, then I can access it just fine through IIS, which tells me that the isapi redirection is working ok. Again, am I doing something wrong, or is this a bug? Should role based authentication work when integrating Tomcat with IIS? Thanks, Christian ---------------------------------------------- Christian Cryder [[EMAIL PROTECTED]] Internet Architect, ATMReports.com Barracuda - http://barracuda.enhydra.org ---------------------------------------------- "What a great time to be a(n employed) Geek" -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>