Hi,
I need to use form-based login with my application. Using JBoss/Tomcat, I
included the following lines in my web.xml:
<security-constraint>
<web-resource-collection>
<url-pattern>/control/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>users</role-name>
</auth-constraint>
</security-constraint>
Usually, this would prevent all URLs with the pattern /control/* from
unauthorized access and cause a login form to appear when accessed for the
first time. However, this does not work, i.e. the pages can be accessed
without logging in.
I read in the archives that authorization does not work with embedded
Tomcat... is this true?
thx
Heiko
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
List Help?: [EMAIL PROTECTED]
