-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aaaaaaaaaaaaaaaaaaaaaaaaaaaaa,
On 2/10/2010 8:36 AM, aaaaaa wrote: > When the user goes in a particular page I need to ask him a new > authentication because this page needs more privileges (this page infact is > only for administrators and in web.xml I specify it with a security > constraint and role). > This second step is my problem. When he goes in this page only the message > "Access to the requested resource has been denied" appears while I would > like that tomcat asks him for a new login and at the same time that tomcat > remembers the previous login when the user comes back in the other pages. Tomcat implements container-managed security according to the Java Servlet Specification, which does not specify the behavior above. Instead, once a user is authenticated, their identity is considered "known" and their roles dictate the resources they may access. If you want the behavior you describe above, you'll have to use a different security mechanism than the one provided by Tomcat. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktzApEACgkQ9CaO5/Lv0PCe7wCgroQrs7qdTNi0TL2foPhLfPFu Fa4AoIv/wgCrsmVd3zdeHWy4bwmNFzcj =9yf4 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org