I am using 5.0.19 & I have the following definition in my web.xml file
<welcome-file-list> * <welcome-file>/jsp/test.jsp</welcome-file>* </welcome-file-list> <security-constraint> <web-resource-collection> <web-resource-name>Secured Core Context</web-resource-name> * <url-pattern>/jsp/*</url-pattern>* </web-resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login/login.jsp</form-login-page> <form-error-page>/login/login.jsp</form-error-page> </form-login-config> </login-config>
Now if i access my application as http://localhost:8080/<appName>, the welcome-file is served directly, without going through the security constraints. But if i invoke as. http://localhost:8080/<appName>/jsp/test.jsp, then the login.jsp page is brought up.
The same setup works fine in tomcat 4.1.24
Am i missing something in the configuration or is it a tomcat 5 bug. If it is a bug are there any workarounds
Thanks Shanmugam Pl