I am a bit confused. I do not have any <servlet-mapping> or <mime-mapping> (do I need them?) and I followed the order as it is in the tutorial. Even removing <session-config>, /secure/* is not authenticated and /* is.
-- Rosaria

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
Sent: Tuesday, June 17, 2003 8:16 PM
To: [EMAIL PROTECTED]
Subject: Re: problems with web.xml and security

If you check your log files, you should see that it doesn't like your web.xml file because <session-config> comes after <servlet-mapping> and before <mime-mapping> (which both come before <security-constraint>). Tomcat 4.x is picky about enforcing the order of elements in your web.xml file (TC 3.3 is as well, at least by default). The result is that Tomcat stopped reading your file as soon as it got to the <session-config> line.

"Rosaria Silipo" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
>
> Hi,
>
> I am trying to set up Tomcat as a secure web engine.
> From the tutorial I understood that you should insert the following
> lines in web.xml and the password protection should work.
>
> This works perfectly for files in the root directory (/*), it does not
> work for files in subdirectories, like /secure/*.
>
> Have you ever seen this problem before?
>
> Thanks for any help
>
> -- Rosaria
>
> <!DOCTYPE web-app
>     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>     "http://java.sun.com/dtd/web-app_2_3.dtd">
>
> <web-app>
> ...
>
>   <!-- SECURITY CONSTRAINT -->
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>Secure Pages</web-resource-name>
>       <description>Security constraint on all files</description>
>       <url-pattern>/*</url-pattern>
>       <url-pattern>/secure/*</url-pattern>
>       <http-method>POST</http-method>
>       <http-method>GET</http-method>
>     </web-resource-collection>
>
>     <auth-constraint>
>       <description>admin can login</description>
>       <role-name>admin</role-name>
>     </auth-constraint>
>
>     <user-data-constraint>
>       <description>SSL not required</description>
>       <transport-guarantee>NONE</transport-guarantee>
>     </user-data-constraint>
>   </security-constraint>
>
>   <session-config>
>     <session-timeout>30</session-timeout>
>   </session-config>
>
>   <!-- LOGIN AUTHENTICATION -->
>
>   <login-config>
>     <auth-method>FORM</auth-method>
>     <realm-name>default</realm-name>
>     <form-login-config>
>       <form-login-page>/LoginForm.html</form-login-page>
>       <form-error-page>/LoginError.html</form-error-page>
>     </form-login-config>
>
>   </login-config>
>
>   <!-- SECURITY ROLES -->
>
>   <security-role>
>     <description>The most secure role</description>
>     <role-name>admin</role-name>
>   </security-role>
>
> </web-app>
>
>
> -- Rosaria

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]