Problem in Welcome-file-list and security

shanmugampl Tue, 23 Mar 2004 22:52:21 -0800

Hi,

I am using 5.0.19 & I have the following definition in my web.xml file

  <welcome-file-list>
*      <welcome-file>/jsp/test.jsp</welcome-file>*
   </welcome-file-list>
   <security-constraint>
   <web-resource-collection>
     <web-resource-name>Secured Core Context</web-resource-name>
*      <url-pattern>/jsp/*</url-pattern>*
   </web-resource-collection>
     <auth-constraint>
     <role-name>*</role-name>
   </auth-constraint>
   </security-constraint>
 <login-config>
   <auth-method>FORM</auth-method>
   <form-login-config>
     <form-login-page>/login/login.jsp</form-login-page>
     <form-error-page>/login/login.jsp</form-error-page>
   </form-login-config>
 </login-config>

Now if i access my application as http://localhost:8080/<appName>, the welcome-file is served directly, without going through the security constraints. But if i invoke as. http://localhost:8080/<appName>/jsp/test.jsp, then the login.jsp page is brought up.

The same setup works fine in tomcat 4.1.24

Am i missing something in the configuration or is it a tomcat 5 bug. If it is a bug are there any workarounds

Thanks
Shanmugam Pl

Problem in Welcome-file-list and security

Reply via email to