I have defined two roles (admin, user):

    <security-role>
        <role-name>user</role-name>
    </security-role>
    <security-role>
        <role-name>administrator</role-name>
    </security-role>

Each of these roles needs access to separate modules in my webapp. To achieve this, I have the following security-constraint in Tomcat web.xml:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Authorized Access Area</web-resource-name>
            <url-pattern>/index.jsp</url-pattern>
            <url-pattern>/login.jsp</url-pattern>
            <url-pattern>/error.jsp</url-pattern>
            <url-pattern>/app1/*</url-pattern>
            <url-pattern>*.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Authorized Access Area</web-resource-name>
            <url-pattern>/index.jsp</url-pattern>
            <url-pattern>/login.jsp</url-pattern>
            <url-pattern>/error.jsp</url-pattern>
            <url-pattern>/app2/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>administrator</role-name>
        </auth-constraint>
    </security-constraint>

Consider the following steps:

1. Access the context/app1/app1action.jsp URL.
2. I get prompted for credentials.
3. I log in as a normal user, and on successful login I get redirected to the app1action.jsp page (desired behavior).
4. Now, I clear my cache and session authentication from the browser (Firefox).
5. Browse to some link in the app1action.jsp page pointing to some other page, e.g. context/app1/anotherpage.jsp.
6. Now I get prompted to log in again.
7. On successful login, I expect to get redirected to 'anotherpage.jsp'. But instead it redirects me to the resources (JS / img / css) that are included within 'anotherpage.jsp', e.g. context/resources/sample.js or sample.css or sample.gif ...

I spent a couple of days googling this issue with no luck. Can you please advise how to get properly redirected?

~ Many Thanks

--
View this message in context: http://www.nabble.com/Tomcat-6.x-security-constraint-redirection-problem...-please-help%21-tp21448079p21448079.html
Sent from the Tomcat - User mailing list archive at Nabble.com.