There is no info here about what request urls are accessed and how they intersect the web.xml security-constraints. The decision as to whether or not authentication is required happens at the tomcat level. Get its source and find where the Realm.authenticate method is called.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3889271#3889271 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3889271 ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
