I cannot tell if there's a difference between 4.1.12 and 4.1.18 as I'm still using 4.1.15.
I would first change the url pattern to <url-pattern>/protected/*</url-pattern> Second add <security-role><role-name>myrole</role-name></security-role> Tags under the document root for all roles you use. As far as I know your <auth-constaint><role-name>s reference to these <security-role>s. I never tried what happens if you don't specify these, too. Mech P.S. Merry Christmas! > -----Original Message----- > From: Peter Lee [mailto:[EMAIL PROTECTED]] > Sent: Mittwoch, 25. Dezember 2002 00:01 > To: [EMAIL PROTECTED] > Subject: Security constraint problem with v4.1.18 > > > I upgraded from 4.1.12 to 4.1.18, but I got some problems > with security constraints. I have applied a security > constraint on a particular url pattern. Only certain users > with a special rolename can > access that link. It used to work but now the page does not > load with v4.1.18. Is SSL implemented differently after > v4.1.12 that prevents my application fromworking? > > Is there any documentation on tomcat v4.1.18 SSL security stuff? > > > Here is my security constraint in web.xml: > > <security-constraint> > <web-resource-collection> > <web-resource-name>SSLResource</web-resource-name> > <url-pattern>/protected</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>myrole</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> > > > > > > -- > To unsubscribe, e-mail: > <mailto:tomcat-user-> [EMAIL PROTECTED]> > For > additional commands, > e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>