zhongliang zhang wrote: > thanks a lot. > In fact,I want just one group's user named Administrators can get access to > the administrative page,which can do some privileged operation.The common > users can get access to the common user page,they have limited privileged > operation. > So,should I configure numbers of <security-constraint> elements in my > web.xml?
Yes. > But the application allows creating new group,how do I solve this problem? What problem? You need to say what the problem is if we are going to be able to help. > In the former situation,I got a login form and a filter to do this, now,I > think I do not need an login form, It isn't clear to what form situation you are referring. If you use DIGEST authentication you do not need a login form. does the filter still can work for the role-check? Or is there any mechanism just needs configuration,not coding? Neither do you need a filter. Tomcat will do all this for you with a correctly configured web.xml Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]