"Jon Haugsand" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > * Tim Funk > > There is probably a security constraint on tlgLogin.jsp and the login > > page is tlgLogin.jsp which invokes the security constraint and the > > login page is tlgLogin.jsp which invokes the security constraint and > > the login page is tlgLogin.jsp which invokes the security constraint > > ... > > > > Or tlgLogin.jsp is badly coded to perform a redirect to itself based > > on a wacky condition. > > Hmm, it looks reasonable, but shouldn't tomcat figure out that it you > somehow must get through to the guard that identifies people? Here is > perhaps the relevant parts of web.xml. By the way, I had Tomcat 3.2.4 > running, but am now upgrading to 4.1.24
This should make you happy, since, indeed, TC 4.1.x will figure this out and allow access to the form-login-page even if it is otherwise protected. The TC 3.x line doesn't have this feature (although it would be easy enough to add to TC 3.3.2 if anyone actually wanted it :). > > <security-constraint> > <web-resource-collection> > <web-resource-name> Tilgangsystem</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>superuser</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/jsp/tilganger/tlgLogin.jsp</form-login-page> > <form-error-page>/jsp/tilganger/tlgError.jsp</form-error-page> > </form-login-config> > </login-config> > > -- > Jon Haugsand, [EMAIL PROTECTED] > http://www.norges-bank.no --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
