please display non-proprietary attributes of HTTPS (Port 8443 or 443) Connector element values from %TOMCAT_HOME%/conf/server.xml
Martin ______________________________________________ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. > Date: Tue, 13 Jan 2009 17:03:08 -0800 > From: sams...@gmail.com > To: users@tomcat.apache.org > Subject: Tomcat 6.x security-constraint redirection problem... please help! > > > I have defined two roles (admin, user) > > <security-role> > <role-name>user</role-name> > </security-role> > <security-role> > <role-name>administrator</role-name> > </security-role> > > each of these roles needs to access into separate modules in my webapp. For > achieving this, I have the following security-constraint in tomcat web.xml: > > <security-constraint> > <web-resource-collection> > <web-resource-name>Authorized Access Area</web-resource-name> > <url-pattern>/index.jsp</url-pattern> > <url-pattern>/login.jsp</url-pattern> > <url-pattern>/error.jsp</url-pattern> > <url-pattern>/app1/*</url-pattern> > <url-pattern>*.jsp</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>user</role-name> > </auth-constraint> > </security-constraint> > > <security-constraint> > <web-resource-collection> > <web-resource-name>Authorized Access Area</web-resource-name> > <url-pattern>/index.jsp</url-pattern> > <url-pattern>/login.jsp</url-pattern> > <url-pattern>/error.jsp</url-pattern> > <url-pattern>/app2/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>administrator</role-name> > </auth-constraint> > </security-constraint> > > consider the following steps: > > 1. Access context/app1/app1action.jsp URL > 2. I get prompted for credentials > 3. I login as normal user, and on successful login I get redirected to > app1action.jsp page (desired behavior) > 4. Now, I clear my cache & sessions authentication from browser (firefox) > 4. Browse into some link in app1action.jsp page pointing to some other page > eg. context/app1/anotherpage.jsp > 5. Now I get prompted to relogin > 6. On successful login, I expect myself to get redirected to > 'anotherpage.jsp'. But instead it redirects me to the resources ( JS / img / > css ) that are included with in 'anotherpage.jsp' . eg. > context/resources/sample.js or sample.css or sample.gif .... > > I spent googling on this issue for couple of days with no luck. > > Can you please advise how to get properly redirected ? > > ~ Many Thanks > > > -- > View this message in context: > http://www.nabble.com/Tomcat-6.x-security-constraint-redirection-problem...-please-help%21-tp21448079p21448079.html > Sent from the Tomcat - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > _________________________________________________________________ Windows Liveā¢: Keep your life in sync. http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t1_allup_explore_012009