Try replacing: <url-pattern>/comics</url-pattern> <url-pattern>/comics/*</url-pattern>
with: <url-pattern>/*</url-pattern> This applies the security constraint to your web app (not the root of the server). The former would only be effective on http://thompson3:8080/comics/comics/. - Mark -----Original Message----- From: Ed Thompson [mailto:[EMAIL PROTECTED]] Sent: Saturday, June 22, 2002 3:42 PM To: Tomcat Users List Subject: security_constraint question OK, rookie question.... I have a file in $TOMCAT_HOME/webapps/comics (index.html) $TOMCAT_HOME/webapps/comics/WEB-INF/web.xml has: <security-constraint> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/comics</url-pattern> <url-pattern>/comics/*</url-pattern> <!-- If you list http methods, only those methods are protected --> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>comics</role-name> </auth-constraint> </security-constraint> I have is set up for BASIC as my auth-method. Pretty much cut and paste form the examples directory. However, on my browser when I go to //thompson3:8080/comics, it takes me right to index.html. Why does it not require me to login first? What have a missed in the Tomcat configuration? Help greatly appreciate - been struggling with this for a couple of days... (PS - the examples works great - going to //thompson3:8080/examples/jsp/security/protected forces a login) -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>