I'm using J2EE container managed security (in Tomcat). I set up a rule
to protect all *.do actions. The problem is my logout.do is protected
as well!
In my web.xml I have:
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>All DO</web-resource-name>
      <url-pattern>*.do</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>
And then I use Struts to set the security roles for each action.
Although my logout action doesn't have any security roles, the above
config in the web.xml requires a user to be authenticated before
executing an action.
What can I do to unprotect my logout action?
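Added example, not part of the original message: a simplified Python model of the Servlet specification's rule that the constraints on the best-matching url-pattern (exact match before extension match) govern a request, run against the *.do constraint above and against a constructed variant with an extra /logout.do constraint that has no auth-constraint. The helper names and the second web.xml fragment are assumptions; http-method filtering and the merging of constraints that share a pattern are left out.

```python
import xml.etree.ElementTree as ET

# Constructed fragment reproducing the constraint from the message (http-method omitted).
ORIGINAL = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>All DO</web-resource-name>
      <url-pattern>*.do</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
# Hypothetical addition: exact-match constraint with no <auth-constraint>.
EXTRA = """  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Logout</web-resource-name>
      <url-pattern>/logout.do</url-pattern>
    </web-resource-collection>
  </security-constraint>
</web-app>"""
WITH_LOGOUT = ORIGINAL.replace("</web-app>", EXTRA)

def rank(pattern, path):
    """Servlet match order: exact > longest path prefix > extension > default."""
    if pattern == path:
        return (3, 0)
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)
    if pattern == "/":
        return (0, 0)
    return None

def required_roles(web_xml, path):
    """Roles demanded for path; None means no authentication is required."""
    best, roles = None, None
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        auth = sc.find("auth-constraint")
        for pat in sc.iter("url-pattern"):
            r = rank(pat.text.strip(), path)
            if r is not None and (best is None or r > best):
                best = r
                roles = None if auth is None else [x.text for x in auth.iter("role-name")]
    return roles

if __name__ == "__main__":
    for cfg in (ORIGINAL, WITH_LOGOUT):
        print({p: required_roles(cfg, p) for p in ("/login.do", "/logout.do")})
```

With the extra constraint only /logout.do loses the authentication requirement; every other *.do path still resolves to the original constraint.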