perhaps you need at least one <auth-constraint> with a given role - or
you leave it empty (look into the example, there is a <auth-constraint/>
before </security-constraint>).
Neil Aggarwal schrieb:
Hello:
<!-- Do not allow users to load jsps directly -->
<security-constraint>
<web-resource-collection>
<web-resource-name>no_access</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
</security-constraint>
my example:
<security-constraint>
<!-- normal area -->
<web-resource-collection>
<web-resource-name>BOS Airliquide Deutschland</web-resource-name>
<url-pattern>*.do</url-pattern>
<!-- <url-pattern>*.do</url-pattern> -->
</web-resource-collection>
<auth-constraint>
<role-name>BO</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>BO</role-name>
</security-role>
Bart
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
