By default realm i mean the one that is set up in the server.xml and it is a JDBC Realm. Dean
On Thu, Aug 20, 2009 at 12:36 PM, Dean Chester < dean.g.ches...@googlemail.com> wrote: > Sorry about that. > Yes i have a index page in the restricted area that has links to other > restricted jsps. The Logs are not reporting anything. How do you mean encode > your urls? I haven't set a time out in the web.xml file so its using the > default. The time between clicks is usually about 1-2 seconds. Here is some > of my web.xml file: > <security-constraint> > <web-resource-collection> > <web-resource-name>users</web-resource-name> > <url-pattern>/add/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>user</role-name> > <role-name>admin</role-name> > </auth-constraint> > </security-constraint> > > <security-constraint> > <web-resource-collection> > <web-resource-name>admin</web-resource-name> > <url-pattern>/admin/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/login.jsp</form-login-page> > <form-error-page>/login-error.jsp</form-error-page> > </form-login-config> > </login-config> > > <security-role> > <role-name>admin</role-name> > </security-role> > <security-role> > <role-name>user</role-name> > </security-role> > I am using the default realm which i know works. > Dean > > On Thu, Aug 20, 2009 at 12:19 PM, Pid <p...@pidster.com> wrote: > >> On 20/08/2009 11:55, Dean Chester wrote: >> >>> Sorry Tomcat 6.20, Red Hat Enterprise edition 4 i think. java 1.6. And i >>> mean once logged in i have to login again after clicking on a link in >>> the restricted area. >>> Dean >>> >> >> You don't need to reply-to-all, just to the list. I'm obviously on the >> mailing list, so I'll get the message anyway - I don't need it twice. >> >> /myapp/index.jsp >> /myapp/secure/index.jsp >> /myapp/secure/page2.jsp >> >> So you're logging into the secure area, and trying to view, e.g. page2.jsp >> from a link on the e.g. index.jsp page? >> >> Do the logs have any errors in them? >> If so, what are they? >> >> Are you encoding all of the URLs properly? >> >> How long between clicks? >> >> What is the session timeout in your web.xml? >> >> How have you defined the <security-constraint> in web.xml? >> >> Which Realm are you using? >> >> Perhaps you could post a little bit more information? >> >> p >> >> >> >> On Thu, Aug 20, 2009 at 11:23 AM, Pid <p...@pidster.com >>> <mailto:p...@pidster.com>> wrote: >>> >>> On 20/08/2009 10:40, Dean Chester wrote: >>> >>> Hi, >>> I've written my application using j_security_check yet i keep >>> having to log >>> in in the restricted area. Has anyone else experienced this? >>> >>> >>> Yep. I have to log in each time I want to use our app - it's a side >>> effect of implementing security. >>> >>> Or is your question referring to a less vague and more specific issue? >>> >>> >>> >>> Because it works with a small amount of JSPs and then when i >>> implement it all in to my >>> application it doesn't work. >>> >>> >>> I might need to warm up my Internet Telepathy(tm) without some more >>> information... >>> >>> >>> >>> Where am i most likely going wrong? >>> >>> >>> Not telling us your Tomcat version, JVM version, OS version... >>> >>> p >>> >>> >>> Thanks in advance >>> Dean >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> <mailto:users-unsubscr...@tomcat.apache.org> >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> <mailto:users-h...@tomcat.apache.org> >>> >>> >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >
