On 2/10/06, Garner, Shawn <[EMAIL PROTECTED]> wrote: > > I was messing around with security in the web.xml and tried to implement > authorization restrictions with the struts-blank.war. > > I put restrictions on the /pages/* directory. > > Funny thing is that it seems that since the index.jsp does a redirect to > the > pages directory and the action servlet does the mapping from welcome.do to > /pages/Welcome.jsp that I am not prompted for a username and password.
Are you sure it's doing a redirect? If this were a forward, the symptom you described would be the expected behavior, since security constraints are only applied on the original request. Craig But if I literally type in /pages/Welcome.jsp into the browser it prompts me > for a password. > > I read the servlet api but I couldn't find much to do with servlet > security. > > > > I wasn't sure how to get my action servlet to obey the /pages/* security > rule too. > > > > Any help? > > > > Shawn > > > > **************************************************************************** > This email may contain confidential material. > If you were not an intended recipient, > Please notify the sender and delete all copies. > We may monitor email to and from our network. > > **************************************************************************** > >