Is this something that's planned to be fixed in Tomcat 3.3?
I'd be willing to help work on a fix if necessary. -Tony On Thu, 1 Aug 2002 [EMAIL PROTECTED] wrote: > Date: Thu, 1 Aug 2002 18:15:17 -0400 > From: [EMAIL PROTECTED] > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: web.xml security-constraint bug? > > i noticed that if you add the url-pattern /* as a web-resource-collection > in a security constraint > and you use FORM auth-method for login-config > > if form-login-page is included in the same webapp, there seems to be an > endless loop. > Not if the container is designed correctly. Tomcat 4, at least, deals with this situation just fine, because it doesn't try to apply the constraint against the form login page or form error page. > is there anyway to specify an url-pattern that includes all except > login.jsp? > > thanks > > -Tony Craig -- To unsubscribe, e-mail: < mailto:[EMAIL PROTECTED]> For additional commands, e-mail: < mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
