>>>>> "Lisa" == Lisa van Gelder <[EMAIL PROTECTED]> writes:
Lisa> Here is the bit of my web.xml file that deals with login. The whole of my
Lisa> app should be protected.
Lisa> My code never redirects, it leaves all the authentication up to tomcat.
Lisa> <security-constraint>
Lisa> <web-resource-collection>
Lisa> <web-resource-name>My
Lisa> Application</web-resource-name>
Lisa> <url-pattern>/*</url-pattern>
Lisa> <http-method>POST</http-method>
Lisa> <http-method>GET</http-method>
Lisa> </web-resource-collection>
Lisa> <auth-constraint>
Lisa> <role-name>myUser</role-name>
Lisa> </auth-constraint>
Lisa> </security-constraint>
Lisa> <login-config>
Lisa> <auth-method>FORM</auth-method>
Lisa> <form-login-config>
Lisa> <form-login-page>/login/login.jsp</form-login-page>
Lisa> <form-error-page>/login/login-failure.jsp</form-error-page>
Lisa> </form-login-config>
Lisa> </login-config>
I believe this might be due to the fact that you've declared the "login"
directory as part of the protected resource. Try creating a subdirectory of
the application root where all the pages go, except for the login and error
pages, then specify that subdirectory as your protected resource.
--
===================================================================
David M. Karr ; Java/J2EE/XML/Unix/C++
[EMAIL PROTECTED]
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
