-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marcel,
On 2/26/2009 10:21 AM, Marcel Stör wrote: > If I request a protected URL (manually clicking > link, AJAX request, etc.) *after* the session has timed out I expect an > automatic forwarding to the login page. As I could see while debugging, > the request dispatcher does indeed issue a forward() to the login page > but nothing happens. Error logs? HTTP dump? Note that Tomcat 5.0 has been unsupported for quite a while. I recommend planning an upgrade SOON. > I'm sure either, I saw it in some tutorial. Since I don't have a role > table (right, JDBCRealm complains about that, but whatever...) it > basically means that I don't use role based access. Technically speaking, no roles defined = no access. Practically speaking, I don't believe Tomcat forces any roles to be defined when "*" is the role-name required by the security-constraint. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmm6d0ACgkQ9CaO5/Lv0PCQdACeMdhQZmxMxDm0YJix89pVwoPt MhQAoMFd8EQywZr/JAwJ0fiIyBDU+BSI =C3// -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org