RE: j_security_check question

Wed, 03 Jul 2002 10:40:05 -0700 

Hmmm.  Your auth constraint protects the login.jsp itself.  Try changing
that so the login.jsp is not protected.  Maybe you have a chicken and egg
problem.

john


-----Original Message-----
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED].
org]On Behalf Of Kevin Andryc
Sent: Wednesday, July 03, 2002 11:56 AM
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: RE: j_security_check question


OK, so here is where I am at. I have such that, when a user tries to access
a servlet (e.g.: http://localhost:8080/dev/servlet/ProtectedPage) they get
forwarded to a Login JSP page specified by my web.xml. Here is the problem,
when the user tries to login the Login form appears again, yet the URL is
shown as http://localhost:8080/dev/servlet/ProtectedPage. Why doesn't my
ProtectedPage servlet appear? I am really stuck. Below is my web.xml file:

<security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected -->
             <url-pattern>/servlet/*</url-pattern>
         <url-pattern>/jsp/security/*</url-pattern>
         <!-- If you list http methods, only those methods are protected -->
         <http-method>DELETE</http-method>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
         <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
             <role-name>user</role-name>
         <role-name>tomcat</role-name>
      </auth-constraint>
    </security-constraint>

   <!-- Default login configuration uses form-based authentication -->
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/jsp/security/login.jsp</form-login-page>
        <form-error-page>/jsp/security/error.jsp</form-error-page>
      </form-login-config>
    </login-config>

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to