Thomas Klein wrote:
>
> But I'm still not comfortable with the way it works...
> I understand the role name must have the same value as the context path, is
> that right ?
No. This is set by the security constraint on the web.xml file in the
webapp web-inf direcotry. In the admin case, this is the
webapps/admin/web-inf directory. In the web.xml file you wil find:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/contextAdmin/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Admin</realm-name>
</login-config>
Note the line with <role-name> tag, this line sets the role needed to
access the protected area defined in the previous tags.
User authentication is container based but the security constrain is
webapp defined.
Christian
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
