Rod, Actually, I am pretty sure that the welcome-file has nothing to do with it. All that does is tell the server which URL to try to serve up if you were to leave off the file name from the url you are typing in. So, in my case typing localhost/xxxWEB/ is equivalent to localhost/xxxWEB/welcome.jsp.
The real problem that I can't figure out is why when I specify that I am only securing *.jsp, it secures nothing. I'll have to research that one. Yaakov Chaikin Software Engineer BAE SYSTEMS 301-838-6899 (phone) 301-838-6802 (fax) [EMAIL PROTECTED] > -----Original Message----- > From: Rod Giffin [mailto:[EMAIL PROTECTED] > Sent: Monday, December 08, 2003 2:34 PM > To: [EMAIL PROTECTED] > Subject: RE: login page css not applied > > US SSA said: > > Rod, > > > > I am sorry, but I am not 100% following you... > > > > Yes, you are right. I have the following situation: > > > > I am trying url: localhost/xxxWEB/ > > I think it would work if you set the welcome-file element to send the user > by default to localhost/xxxWEB/login.html (or index.html or whatever) > where the login form could reside. The welcome.jsp page should not be a > default page if it is protected, or it will be served before the user is > authenticated. Since login.html or whatnot is not a jsp page, it won't be > protected by a security-constraint such as /*.jsp, and it will be able to > be accessed. > > > This gets forwared by the <welcome-page> to welcome.jsp, which I want to > > be protected. > > welcome.jsp page is in xxxWEB/ directory. > > > > Could you explain what you are suggesting again? > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
