I am using 5.0.19 & I have the following definition in my web.xml file
<welcome-file-list>
* <welcome-file>/jsp/test.jsp</welcome-file>*
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secured Core Context</web-resource-name>
* <url-pattern>/jsp/*</url-pattern>*
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login/login.jsp</form-login-page>
<form-error-page>/login/login.jsp</form-error-page>
</form-login-config>
</login-config>Now if i access my application as http://localhost:8080/<appName>, the welcome-file is served directly, without going through the security constraints. But if i invoke as. http://localhost:8080/<appName>/jsp/test.jsp, then the login.jsp page is brought up.
The same setup works fine in tomcat 4.1.24
Am i missing something in the configuration or is it a tomcat 5 bug. If it is a bug are there any workarounds
Thanks Shanmugam Pl
