-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin,
On 10/5/2011 11:41 AM, Martin O'Shea wrote: > This follows on from yesterday's discussion about whether in my > application, I can have more than one page with an embedded login > form or not. > > I've been looking over the servlet spec (V2.2) and it seems that I > can't actually do this which is a shame. Do what, have different login pages for different types of resources you're trying to reach? Sure you can: try reading my responses. > So I'm now looking at a more conventional log in from a login page. > But can anyone explain to me why I don’t see my login page when I > run the application? > > Login.jsp contains the following: This isn't relevant if you're not seeing it. > Which corresponds to the following in web.xml: > > <welcome-file-list> > <welcome-file>/jsp/about/concept.jsp</welcome-file> > </welcome-file-list> > > <security-constraint> <web-resource-collection> > <url-pattern>/aboutConcept</url-pattern> > </web-resource-collection> <auth-constraint> <description/> > <role-name>ADMIN</role-name> </auth-constraint> > </security-constraint > > > <login-config> <form-login-config> > <form-login-page>/jsp/security/protected/login.jsp</form-login-page> > > <form-error-page>/jsp/security/protected/error.jsp</form-error-page> > </form-login-config> </login-config> > > But when I run the application, all I get is the html of the page > specified in the welcome file list? Is that a question or a statement? > But if I then invoke a link from the welcome file, I get the login > page. Surely it should be the other way around? Your welcome file is not protected in any way, so you are not challenged for credentials. If you want to login to see every page on your site, you should have <url-pattern>/*</url-pattern> in your <web-resource-collection>. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6MlkYACgkQ9CaO5/Lv0PB3nQCfRf0g/erXaD2kOPyaBCMJW/h0 Ce0An0EbOElkSImGQYK8y+JkZdtcrIqL =wbh5 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
