I've been scratching my head most of the day on this...
Using Tomcat 5.0.25 on Mac OS X (10.3.4 specifically). Trying to implement container managed security.
I have a JDBC Realm set up in server.xml for the context in question. The web.xml file for the application is set up just like the examples:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd";>
<web-app>
<display-name>IPBoss</display-name>
<security-contraint>
<web-resource-collection>
<web-resource-name>restricted pages</web-resource-name>
<url-pattern>/add/*</url-pattern>
<url-pattern>/edit/*</url-pattern>
<url-pattern>/delete/*</url-pattern>
</web-resource-collection>
<auth-contraint>
<role-name>user</role-name>
</auth-contraint>
</security-contraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>IPBoss application</realm-name>
<form-login-config>
<form-login-page>/index.html</form-login-page>
<form-error-page>/index.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>
The role of any user of this application.
</description>
<role-name>user</role-name>
</security-role>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
When I try to hit a url like http://localhost:9006/IPBoss/add/add_network.html, which as near as I can tell should trigger authentication, I just get the page I'm asking for - no login.
I'm sure I'm missing something easy but I just can't figure it out.
Thanks! -Steve
