Everything that correspond to the security-constraint on your web.xml is 'protected' and need authentification. When you are authenticated, field request.getRemoteUser() is not null anymore. Be carefull,
<url-pattern>/saraf/*</url-pattern> in security constraint mean the secure area is http://<server>/saraf/saraf/* If your secure area is http://<server>/saraf/protected/* then the url pattern is /protected/* Prashant Saraf a écrit : >i think problem should be web.xml but still it gives following problem >1)You are logged in as remote user *null* in session * >2AD5AC97008551CE1EDD510E06AE6E1F > >*WHICH SHOULD NOT* >* 2)how should tomcat know that protected is protected > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]