I figured out that I'll need to refactor my directory structure and use seperate <security-constraint>s. I'm curious, is there a standard or preferred way to do this? My next step is to integrate Tomcat with Apache, and then an EJB server (perhaps JBoss?)... --Dmitry
"Dmitry ..." <[EMAIL PROTECTED]> wrote: Hello everyone. I have a security-contstraint set up with /* and JDBCRealm, and I have SSL configured in server.xml. Both the JDBCRealm and SSL are working, just not quite as I'd like. Currently, when the user first enters my site (/mysite/index.html), he is asked to authenticate himself. When the user requests a page through SSL (.../location=https:8443/mysite/../Registration.jsp), he is again asked to authenticate himself. What I want is: 1) The user to be able to access index.html (and a few other pages) withought authentication. I'd rather not have to enter every page individually under . *2) The user to not have to re-authenticate himself when he selects to go to Registration.jsp via SSL. Thank you in advance, Dmitry --------------------------------- Do You Yahoo!? Sign-up for Video Highlights of 2002 FIFA World Cup --------------------------------- Do You Yahoo!? Sign-up for Video Highlights of 2002 FIFA World Cup
