My idea for securing my app was using Tomcat, so i have two directories: administrator and user, with their own jsp's.
In the web.xml i was pretending to do this:
<servlet-mapping> <servlet-name>action</servlet-name> <url-pattern>/administrator/*.do</url-pattern> </servlet-mapping>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>/user/*.do</url-pattern>
</servlet-mapping>and protrect administrative and user directories with tomcat:
<security-constraint>
<web-resource-collection>
<web-resource-name>
Menu Administrador
</web-resource-name>
<url-pattern>
/administrator/*
</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administrador</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>
/pagLogin.jsp
</form-login-page>
<form-error-page>
/errorLogin.jsp
</form-error-page>
</form-login-config>
</login-config>
But, even it seems to login correctly, always returns to me a 400 error (Invalid path) and I can`t access to any .do...
that <url-pattern> is correct? can i filter by /administrator/*.do? (I have tried also by /administrator/ and returns de same message).
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
