----- Original Message ----- From: "James Bell" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, April 01, 2001 11:48 AM Subject: Logon Dialog > All > > I have protected my struts application with the following directives from > the web.xml file for the application (see below). This works fine. The > browser displays a popup alert requesting the authentication info. I have > left the tomcat session timeout to it's default value (30 mins I think). I > can program each page (via the template) in my application to check for the > existence of a attribute that the application establishes soon after logon > and then redirect the browser to the logon page (logon.do). If I try this > I get a 'request has already been committed' error. I think the browser > does not know that the server session has been terminated. What do I need > to do, so that the application forces the browser to re-authenticate the > user on session timeout? > > <security-constraint> > <web-resource-collection> > <web-resource-name>Protected Area</web-resource-name> > <url-pattern>/*</url-pattern> > <http-method>DELETE</http-method> > <http-method>GET</http-method> > <http-method>POST</http-method> > <http-method>PUT</http-method> > </web-resource-collection> > <auth-constraint> > <role-name>trader</role-name> > </auth-constraint> > </security-constraint> > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>Trader Realm</realm-name> > </login-config> > >
