Sorry about that.
Yes i have a index page in the restricted area that has links to other
restricted jsps. The Logs are not reporting anything. How do you mean encode
your urls? I haven't set a time out in the web.xml file so its using the
default. The time between clicks is usually about 1-2 seconds. Here is some
of my web.xml file:
<security-constraint>
<web-resource-collection>
<web-resource-name>users</web-resource-name>
<url-pattern>/add/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login-error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
I am using the default realm which i know works.
Dean
On Thu, Aug 20, 2009 at 12:19 PM, Pid <[email protected]> wrote:
> On 20/08/2009 11:55, Dean Chester wrote:
>
>> Sorry Tomcat 6.20, Red Hat Enterprise edition 4 i think. java 1.6. And i
>> mean once logged in i have to login again after clicking on a link in
>> the restricted area.
>> Dean
>>
>
> You don't need to reply-to-all, just to the list. I'm obviously on the
> mailing list, so I'll get the message anyway - I don't need it twice.
>
> /myapp/index.jsp
> /myapp/secure/index.jsp
> /myapp/secure/page2.jsp
>
> So you're logging into the secure area, and trying to view, e.g. page2.jsp
> from a link on the e.g. index.jsp page?
>
> Do the logs have any errors in them?
> If so, what are they?
>
> Are you encoding all of the URLs properly?
>
> How long between clicks?
>
> What is the session timeout in your web.xml?
>
> How have you defined the <security-constraint> in web.xml?
>
> Which Realm are you using?
>
> Perhaps you could post a little bit more information?
>
> p
>
>
>
> On Thu, Aug 20, 2009 at 11:23 AM, Pid <[email protected]
>> <mailto:[email protected]>> wrote:
>>
>> On 20/08/2009 10:40, Dean Chester wrote:
>>
>> Hi,
>> I've written my application using j_security_check yet i keep
>> having to log
>> in in the restricted area. Has anyone else experienced this?
>>
>>
>> Yep. I have to log in each time I want to use our app - it's a side
>> effect of implementing security.
>>
>> Or is your question referring to a less vague and more specific issue?
>>
>>
>>
>> Because it works with a small amount of JSPs and then when i
>> implement it all in to my
>> application it doesn't work.
>>
>>
>> I might need to warm up my Internet Telepathy(tm) without some more
>> information...
>>
>>
>>
>> Where am i most likely going wrong?
>>
>>
>> Not telling us your Tomcat version, JVM version, OS version...
>>
>> p
>>
>>
>> Thanks in advance
>> Dean
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> <mailto:[email protected]>
>> For additional commands, e-mail: [email protected]
>> <mailto:[email protected]>
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
