Thanks Craig, I've e-mailed the JSR53 group

> One note on your original example, however -- if "/foo" is the context path to
> your application, and you wish to protect the entire webapp, you would use "/*"
> as the URL pattern inside your security constraint.

My example was wrong, my logic right
bar is the application, foo a sub-directory, I disallow access to /foo/*

Kevin Jones
DevelopMentor
www.develop.com

-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: 19 February 2001 20:56
To: [EMAIL PROTECTED]
Subject: Re: Login

Kevin Jones wrote:

> No I don't want a workaround - I've already got it working. I was pointing
> this out because
>
> a) it is conflicting behaviour in the two current versions of Tomcat (3.2.1
> and TC 4) and
> b) the spec is silent on the behaviour and I was wondering if Craig or any
> of the other Tomcat authors would comment
>

It is a bug in 3.2.1. There is a bunch of special case logic in Tomcat 4.0 to
let you see the form login (and error) page, even if it is within the set of
URLs protected by a security constraint. This is likely to get clarified in the
next round of the 2.3 specification.

One note on your original example, however -- if "/foo" is the context path to
your application, and you wish to protect the entire webapp, you would use "/*"
as the URL pattern inside your security constraint.

Craig

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
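
A check for the situation discussed in this thread, added here as an example and not code from any of the posters or from Tomcat: it reads a deployment descriptor and reports form login or error pages that fall under a security-constraint URL pattern, the case where 3.2.1 and 4.0 are said to behave differently. The sample descriptor, its page paths (`/foo/login.jsp`, `/error.jsp`) and the role name are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml: the login page sits inside the protected /foo/* area,
# the error page sits outside it.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>foo area</web-resource-name>
      <url-pattern>/foo/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/foo/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""


def _local(el):
    """Element name without an XML namespace (newer descriptors declare one)."""
    return el.tag.rsplit("}", 1)[-1]


def pattern_matches(pattern, path):
    """Servlet url-pattern matching for path-prefix, extension and exact patterns."""
    if pattern.endswith("/*"):            # path prefix: "/foo/*" or "/*"
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):          # extension: "*.jsp"
        return path.endswith(pattern[1:])
    return pattern == path                # exact match


def protected_login_pages(web_xml_text):
    """Return {page: [matching patterns]} for login/error pages under a constraint."""
    root = ET.fromstring(web_xml_text)
    patterns = [u.text.strip()
                for sc in root.iter() if _local(sc) == "security-constraint"
                for u in sc.iter() if _local(u) == "url-pattern"]
    pages = [p.text.strip() for p in root.iter()
             if _local(p) in ("form-login-page", "form-error-page")]
    findings = {}
    for page in pages:
        hits = [pat for pat in patterns if pattern_matches(pat, page)]
        if hits:
            findings[page] = hits
    return findings
```

A non-empty result means the descriptor relies on the container serving the login or error page from inside the protected area, so it is worth testing on every container version the application is deployed to.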
