On Thu, 1 Aug 2002 [EMAIL PROTECTED] wrote:
> Date: Thu, 1 Aug 2002 18:15:17 -0400
> From: [EMAIL PROTECTED]
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: web.xml security-constraint bug?
>
> i noticed that if you add the url-pattern /* as a web-resource-collection
> in a security constraint
> and you use FORM auth-method for login-config
>
> if form-login-page is included in the same webapp, there seems to be an
> endless loop.
>
Not if the container is designed correctly. Tomcat 4, at least, deals
with this situation just fine, because it doesn't try to apply the
constraint against the form login page or form error page.
> is there anyway to specify an url-pattern that includes all except
> login.jsp?
>
> thanks
>
> -Tony
Craig
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
