David:
I am trying to protect a servlet within my web application.
I want the rest of it to be accessible except for that
servlet.
Based on my reading the servlet 2.3 specification, I
added the following lines to my application's web.xml file:
<security-role>
<role-name>admin</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>AdminServlet</web-resource-name>
<url-pattern>/videosearch/servlet/AdminServlet</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
But, when I visit /videosearch/servlet/AdminServlet, I get
the result from the servlet without it asking for a login.
Also, I dont understand how I can set-up the password.
Any guidance would really help.
Thanks,
Neil.
> Yes. I use it along with a JDBCRealm. What problem are you having?
--
Neil Aggarwal
JAMM Consulting, Inc. -- (972) 612-6056, http://www.JAMMConsulting.com
Custom Internet Development -- Java, JSP, servlets, databases
