DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=27581>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=27581 Version 2.4 web.xml <security-constraint> does not work Summary: Version 2.4 web.xml <security-constraint> does not work Product: Tomcat 5 Version: 5.0.19 Platform: PC OS/Version: Windows NT/2K Status: NEW Severity: Critical Priority: Other Component: Unknown AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] In my Servlet spec version 2.4 web.xml file, I have added the following section: <security-constraint> <web-resource-collection> <web-resource-name>Restrict direct JSP access</web-resource-name> <url-pattern>*.jsp</url-pattern> </web-resource-collection> </security-constraint> This does not stop direct access of JSPs. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]