Under tomcat , I have a servlet: servlet/CatalogManagerServlet that i want
to add some security. So i add the following to web.xml in tomcat dir:
<security-role>
<role-name>tomcat</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>CatalogManagerServlet</web-resource-name>
<url-pattern>/servlet/CatalogManagerServlet</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Example Basic Authentication Area</realm-name>
</login-config>
Now when call the url /servlet/CatalogManagerServlet a password box appear
and all works. But when i give some parameters like
/servlet/CatalogManagerServlet?range=12, the getquerystring method on the
servlet return null ? is it a tomcat bug ? if I remove the security data,
the getquerystring() works !
is it possible to solve this problem ?
thanks for any help
