Hi all,
I'm trying to set up a small application similar to the Java Pet Store Web
Tier and I've got the following problems/questions:
1) My main servlet main.jsp is mapped to /control/*. I set up a protected
zone at /control/signin, but unfortunately when I go to /control/signin the
Orion server serves me main.jsp. Is it a bug, or is that my (and the JPD
engineers') misunderstanding of the spec?
2) I thought I could work around this problem by setting up a new protected
domain which is not under the control directory. So I added the following
lines in web.xml:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Authentication zone</web-resource-name>
    <description>no description</description>
    <url-pattern>/protected/signin.jsp</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>no description</description>
    <role-name>customer</role-name>
    <role-name>subscriber</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>no description</description>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name></realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.html</form-error-page>
  </form-login-config>
</login-config>
Now when I try to access /protected/signin.jsp I see my login dialog, but
after I press the submit button Orion shows me:
"403 Forbidden
Directory browsing not allowed"
!!!!!!!!!! What does it mean? The /protected/signin.jsp does exist, did it
authenticate me? !!!!!!!
3) I have refs to images in login.jsp ("images/...") and when the login form
appears in response to "protected/signin.jsp" the server couldn't find them,
but the original login.jsp is just under the context root! How come it cannot
find the images directory, which does exist? Maybe login.jsp is invoked as if
it were located in the /protected directory?
Thanks in advance, Egor.