<auth-constraint> <description>usuarios permitidos</description> <role-name>Administrador</role-name> </auth-constraint>
Which prevents the user to access resources without being authenticated. Is it possoble to create a pattern to exclude some of them? Like login/*.do would not require the user being authenticated to be accessed?
It prevents anyone who is not an administrator from accessing any URLs with *.do. It would combine with your login & error pages, which you also specify here. It forces a login. This is container-managed security.
Presumably you have lots of html pages and possibly some struts actions that are mapped to a different URL pattern?
The fact that you mention 'login/*.do' suggests that you don't want to use container-managed security, rather you want to do it in your app yourself? In that case you wouldn't use security constraints in your web.xml.
Adam -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
