Hi,
I am using Tomcat Container managed security: Basic Authentication by adding
the following to web.xml.
<security-constraint>
<web-resource-collection>
<web-resource-name>The Entire Web Application</web-resource-name>
<url-pattern>/XMLServlet</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>UserDatabase</realm-name>
</login-config>
<security-role>
<description>
An example role defined in "conf/tomcat-users.xml"
</description>
<role-name>tomcat</role-name>
</security-role>
-----------------------------------------
I have used a form in my jsp:
<form name="update" method="POST" action="/abc/XMLServlet">
<input type=button name="save_change" value="Save" onclick="saveChange(event)">
<input type=button name="cancel_change" value="Cancel"
onclick="cancelChange(event)">
<input type=button name="edit" value="Edit" onclick="checkLogin(event)">
</form>
If I click on "Edit" button, the javascript checkLogin will submit the form.
If the user has not logged in, an authentication window will pop up. After the
first-time authentication, the page is directed to the same page containing the
above form. I intentionally set setMaxInactiveInterval to be like 10 seconds
in XMLServlet. When the session expires, I click the "Edit" button again, now
the page directly go to XMLServlet without the authentication window poped up.
Does anyone know what causes this? How can I get the authentication window pop
up when the session expires? Thank you for your help.
Gia
---------------------------------
Do you Yahoo!?
Yahoo! Search presents - Jib Jab's 'Second Term'
