It looks correct to me ... your url-pattern will only trigger on that specific file... but i guess you know that ..
Abid -----Original Message----- From: Roland Carlsson [mailto:[EMAIL PROTECTED] Sent: 18. juli 2003 13:06 To: Tomcat Users List Subject: Re: MemoryRealm and tomcat-users.xml Heres my tomcat-users.xml <tomcat-users> <role rolename="supervisor" /> <role rolename="tomcat" /> <role rolename="role1" /> <role rolename="manager" /> <user name="tomcat" password="tomcat" roles="tomcat,supervisor" /> <user name="role1" password="tomcat" roles="role1" /> <user name="both" password="tomcat" roles="tomcat,role1" /> <user name="test" password="test" roles="supervisor,manager" /> </tomcat-users> and a part of my web.xml <security-constraint> <web-resource-collection> <web-resource-name>Security test</web-resource-name> <url-pattern>/afile.jsp</url-pattern> <http-method>POST</http-method> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <role-name>supervisor</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/error.html</form-error-page> </form-login-config> </login-config> <security-role> <role-name>supervisor</role-name> </security-role> Regards Roland ----- Original Message ----- From: "Abid Ali Teepo" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Friday, July 18, 2003 12:59 PM Subject: RE: MemoryRealm and tomcat-users.xml Hi Don't you have to add the roles in your web.xml under the tag security-constraint. And there has to be matching roles in auth-constraint and security-role.... if you haven't done this...it could be the problem ... Abid -----Original Message----- From: Roland Carlsson [mailto:[EMAIL PROTECTED] Sent: 18. juli 2003 12:52 To: Tomcat Users List Subject: MemoryRealm and tomcat-users.xml Hi! I have created a simple form-based authentication. It works well with the predefined users (tomcat, role1) but it doesn't work at all if I try to add users and roles in the /%tomcat-root%/conf/tomcat-users.xml. My server.xml is not changed from install so it defines a realm in the Engine-element that according to the comments should be used for all webapps in the server. What have I missed? Thanks in advance Roland Carlsson --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]