> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: Request not forwarded to login page with
> security-constraint after session time-out
>
> I don't find this ambiguous at all

You have to carefully examine the sections being referred to; in each area of 
the spec, the references are to the <role-name>s specified in a 
<security-constraint>, not to those listed in a <security-role>.  There is no 
direct statement in the spec (but there is implication) that a list of 
<security-role> elements is required, nor is there any statement about what 
happens if there is no such list.

Moreover, the spec does not address the situation the OP has: all that's 
desired is authentication; authorization is not needed or desired.

 - Chuck

