I have defined a security constraint, but JRun does not protect my resource. I think this is because servlet container processes user-defined servlet mappings before security definitions. This WOULD work in the J2EE RI. If I put anything in the url-pattern that references a file or directory (not a servlet mapping), it works. However, this means no MVC. As I said, this works in the J2EE RI. <servlet> <servlet-name>control</servlet-name> <jsp-file>Main.jsp</jsp-file> <display-name></display-name> <description></description> </servlet> <servlet-mapping> <url-pattern>/control/*</url-pattern> <servlet-name>control</servlet-name></servlet-mapping> <security-constraint> <web-resource-collection> <web-resource-name>Protected Application</web-resource-name> <url-pattern>/control/myaccount</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> <description>Protected Resource</description> </web-resource-collection> <auth-constraint> <role-name>customer</role-name> <description>Customers only</description> </auth-constraint> </security-constraint> Phillip Rhodes [EMAIL PROTECTED] Alcoa eCommerce https://www.ALCOADIRECT.COM 826B Two Allegheny Center Pittsburgh, PA 15212 (412) 553-4900 (phone) (412) 553-2484 (fax) ------------------------------------------------------------------------------ Archives: http://www.egroups.com/group/jrun-interest/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/jrun_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
