I would try with using extension URL mapping. For instance, <url-pattern>*.jsp</url-pattern> in my web.xml. And based on the URL sent by you and I thing the application root web context is "nbpapps". If this is true, then begin your URL under the <url-pattern> tag with "faces" (based on the URL sent by you) because that seem to be a public directory directly under your web context. Vinod
________________________________ From: Kannan Shastri [mailto:[EMAIL PROTECTED] Sent: Thu 3/10/2005 6:30 AM To: tomcat-user@jakarta.apache.org Subject: Tomcat auth problem Hi , I am facing a very peculiar problem..I have configured my web-app to use form-based auth and it is working fine, except when I give the complete URL of a JSP pafe inside a restricted area, it allows me access without redirecting to the login page. I have in my web.xml something like.. <security-constraint> <display-name>agentHome</display-name> <web-resource-collection> <web-resource-name>agentHome</web-resource-name> <description>Agent Home Applicaiton</description> <url-pattern> /index.jsp</url-pattern> <url-pattern>/agentHome/*</url-pattern> <url-pattern>/lob/*</url-pattern> <url-pattern>/lob/term/*</url-pattern> <http-method> GET</http-method> <http-method> POST</http-method> </web-resource-collection> <auth-constraint> <description></description> <role-name>appAgentHome</role-name> </auth-constraint> </security-constraint> But when i type the URL http://localhost:8080/nbpapps/faces/lob/term/ABC.jsp it takes me directly to the page. But on one machine in the network, it behaves OK and redirects me to the login page... Any idea what the problem could be? Regards, Kannan --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]