How to secure all of /? I'm trying to add a securtiy constraint to /
using FORM auth. I createed /login/loginform.htm. I want to secure
/. Does the form listed in the web.xml section of forn-loginpage get
an exeption automagically from a security constraint on /? Doesn't
seem so, so I have the below setup in my web.xml file. Is this the
correct approach to secure everything under / except /login?
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Page Test</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Default</role-name>
<role-name>RRT Admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Page Test</web-resource-name>
<url-pattern>/login/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description></description>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login/index.htm</form-login-page>
</form-login-config>
</login-config>
<security-role>
<role-name>Default</role-name>
<role-name>RRT Admin</role-name>
</security-role>
--
Douglas Knudsen
http://www.cubicleman.com
this is my signature, like it?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:8:5743
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/8
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:8
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.8
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
