You are right: I just fixed this mistake - added <security-role>
<role-name>member</role-name> </security-role> into my web.xml However, when I try to access my URL the browser gives me the following message: Data Transfer Interrupted On Wed, Apr 22, 2009 at 10:26 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Mighty Tornado [mailto:mighty.torn...@gmail.com] > > Subject: Tomcat Security and Struts > > > > I am trying to make sure my app requires a login. So I configured the > > following in my deployment descriptor: > > > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>admin</web-resource-name> > > <url-pattern>*.do</url-pattern> > > <http-method>POST</http-method> > > </web-resource-collection> > > <auth-constraint> > > <role-name>member</role-name> > > </auth-constraint> > > <user-data-constraint> > > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > > </user-data-constraint> > > </security-constraint> > > <login-config> > > <auth-method>FORM</auth-method> > > <form-login-config> > > <form-login-page>/WEB-INF/JSP/login.jsp</form-login-page> > > <form-error-page>/WEB-INF/JSP/loginError.jsp</form-error-page> > > </form-login-config> > > </login-config> > > Where is your <security-role> section? > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >