[EMAIL PROTECTED] wrote:
In my applications web.xml I have
<security-constraint> <web-resource-collection> <web-resource-name>Read-WriteArea</web-resource-name> <description> accessible by users of all roles</description> <url-pattern>/*</url-pattern><!-- was /* --> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection>
<auth-constraint> <description>These roles are allowed access</description> <role-name>read</role-name> <role-name>rwrite</role-name> <role-name>admin</role-name> </auth-constraint> </security-constraint>
If the url-pattern is /* I get my jdbc based form showing, and password authentication using mySQL.
If I change it to /repository/index.jsp, i.e. the actual file used, I don't get any authentication.
Any advice on what form this element should take please?
TIA, DaveP
Dave,
The security constraint is based on the actual URL requested, not the resource that is being accessed. So, if you're accessing: http://my.host.com/ - and its actually loading http://my.host.com/repository/index.jsp, then your security-constraint won't be triggered if you don't have /* indicated. With a constraint of /repository/index.jsp, try accessing that path directly from your browser - the constraint *should* be triggered then.
-Brice
-- Brice Ruth, Sr. IT Analyst Fiskars Brands Inc http://www.fiskarsbrands.com/
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
