-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Sreyan,
On 8/31/15 12:34 PM, Sreyan Chakravarty wrote: > Wait I am sure I am going wrong in a fundamental area. > > My security constraint is as follow-: > > <security-constraint> <web-resource-collection> > <web-resource-name>TECHERS</web-resource-name> > <url-pattern>/teacher/success.jsp</url-pattern> > <http-method>GET</http-method> <http-method>POST</http-method> > </web-resource-collection> > > <auth-constraint> <role-name>TEACHER</role-name> > </auth-constraint> </security-constraint> > > <login-config> <auth-method>FORM</auth-method> <form-login-config> > <form-login-page>/index.jsp</form-login-page> > <form-error-page>/index.jsp?error=true</form-error-page> > </form-login-config> </login-config> > > <security-role> <role-name>TEACHER</role-name> </security-role> > > Now let me tell you what I understand from this-: > > > - The <web-resource-collection> /teacher/success.jsp is protected > via a FORM login page that is index.jsp - Therefore the page after > login which the user will land to is /teacher/success.jsp. I don't > need to specify that elsewhere. - <form-login-page> element > designates the login page. - <form-error-page> element designates > the page to go to if login has failed. > > This is my understanding of the whole process. Please don't tell me > that I have to put <form-login-page> as /teacher/success.jsp. If so > then where do I designate the login page ? > > Forgive my noobishness. Just starting out with servlet security. With your above configuration, you have to point your web browser at https://yourhost/teacher/success.jsp This will cause Tomcat to send you to the login page, and you can ener your username and password. Once you enter the right username and password, Tomcat will actually send you to /teacher/success.jsp You really should read the Servlet Spec's section on authentication. In fact, read the whole spec. It's quite readable and if you are going to be writing web applications, you really ought to have read it. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJV5I30AAoJEBzwKT+lPKRYNvUQAIQOP8ShOVFnGkia8kAE2HMO mDbr7f54havmRECpC2mCbxvIr3YphXMcDBZJpmuD1IS6ybNIa0hzvX/L2hSmxBYA l2oDgInsm+jX+ndkHfZMtKcYp0Fku1Zg4VbSI13z+kTxObBd3tMN0ngkWGqO8YJC 4lwV62ho+wx0Xg9r7tpHgqjYfLGDBwJiKkKyG47FNbDtkZFp/BukVMY2QJWKwDuj Jb68wQ90jL4xBBLP6zCaJwpNXYjawAdJCCnFJkm90/6DhGzybnWMMQ736CVYdV/T 64npEeglSytj/KUJlzsO5aCEMK5CZi13D2CYYP2Svh/bGvrlUoHn3sGuAScavgn5 NKT5KdyiXkvXV5YOghTaycje9pXBUkQmhHsIWFMj1vuJOU8E0X+Rl+MJ2fSGrgic D0x/zM58pUAPKnA2TD8xcUwLCDSo4akqCt64OPZNmM+i2hi2wXYVF4xfKBUD39GV oau/MeEj4c8xYHoswC/vC3X1Ol2a3Kliubbb1owXIQUEzILCPFf8tfB/awFMwVDj SfYR7nFtPvkHygqVY15Q38w3bxmobwlV/6Zb4mpmPER/OLQuWfNbdT7z/qVIZ53G FSOaFfsWOgFFD3mjn1IUezVOjTUSpaTRU5xCIoM6LC7XdOxYLTMFKIyk1rjEEWbh 0+wJHnsU1MbmxszEHMxd =5ou+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org