Maybe I've misunderstood something but I'm having a lot of trouble getting the
login page to display with the following:
<welcome-file-list>
<welcome-file>/jsp/index/newjsp.jsp</welcome-file>
</welcome-file-list>
<!-- Error pages. -->
<error-page>
<error-code>403</error-code>
<location>/jsp/error/error403.jsp</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/jsp/error/error404.jsp</location>
</error-page>
<error-page>
<error-code>408</error-code>
<location>/jsp/error/error408.jsp</location>
</error-page>
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/jsp/error/error500.jsp</location>
</error-page>
<!-- Accessibility. -->
<security-constraint>
<display-name>Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>myApp</web-resource-name>
<description/>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>ADMIN</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/security/protected/login.jsp</form-login-page>
<form-error-page>/jsp/security/protected/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>ADMIN</role-name>
</security-role>
All that newjsp.jsp in the welcome list contains is 'Hello World'. But running
it in several browsers, all I get is a warning about redirection. Other
applications of mine using a single log in page are fine. I can't see where
this one is wrong.
-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: 05 Oct 2011 18 39
To: Tomcat Users List
Subject: Re: Using multiple login pages
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martin,
On 10/5/2011 11:41 AM, Martin O'Shea wrote:
> This follows on from yesterday's discussion about whether in my
> application, I can have more than one page with an embedded login form
> or not.
>
> I've been looking over the servlet spec (V2.2) and it seems that I
> can't actually do this which is a shame.
Do what, have different login pages for different types of resources you're
trying to reach? Sure you can: try reading my responses.
> So I'm now looking at a more conventional log in from a login page.
> But can anyone explain to me why I don’t see my login page when I run
> the application?
>
> Login.jsp contains the following:
This isn't relevant if you're not seeing it.
> Which corresponds to the following in web.xml:
>
> <welcome-file-list>
> <welcome-file>/jsp/about/concept.jsp</welcome-file>
> </welcome-file-list>
>
> <security-constraint> <web-resource-collection>
> <url-pattern>/aboutConcept</url-pattern>
> </web-resource-collection> <auth-constraint> <description/>
> <role-name>ADMIN</role-name> </auth-constraint> </security-constraint
> >
>
> <login-config> <form-login-config>
> <form-login-page>/jsp/security/protected/login.jsp</form-login-page>
>
>
<form-error-page>/jsp/security/protected/error.jsp</form-error-page>
> </form-login-config> </login-config>
>
> But when I run the application, all I get is the html of the page
> specified in the welcome file list?
Is that a question or a statement?
> But if I then invoke a link from the welcome file, I get the login
> page. Surely it should be the other way around?
Your welcome file is not protected in any way, so you are not challenged for
credentials. If you want to login to see every page on your site, you should
have <url-pattern>/*</url-pattern> in your <web-resource-collection>.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6MlkYACgkQ9CaO5/Lv0PB3nQCfRf0g/erXaD2kOPyaBCMJW/h0
Ce0An0EbOElkSImGQYK8y+JkZdtcrIqL
=wbh5
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
