I was messing around with security in the web.xml and tried to implement authorization restrictions with the struts-blank.war.
I put restrictions on the /pages/* directory. Funny thing is that it seems that since the index.jsp does a redirect to the pages directory and the action servlet does the mapping from welcome.do to /pages/Welcome.jsp that I am not prompted for a username and password. But if I literally type in /pages/Welcome.jsp into the browser it prompts me for a password. I read the servlet api but I couldn't find much to do with servlet security. I wasn't sure how to get my action servlet to obey the /pages/* security rule too. Any help? Shawn **************************************************************************** This email may contain confidential material. If you were not an intended recipient, Please notify the sender and delete all copies. We may monitor email to and from our network. ****************************************************************************