Hmm. Since the last time I tried this, the Tomcat server on which I'm
testing my security constraint, login-config, and security-role has been
shut down and restarted (Friday evening at 10:30 PM.
And now, it IS presenting a sign-on request. Of course, since there was
no user with a "frobozz" role, it's still denying access.
Update: I added the "frobozz" role to the manager user. It still denies
access (even after restarting the context), but given that on this
platform (OS/400), one needs to do a cold restart of Tomcat in order to
update the SSL keystore, and evidently also to get role-based access
working on an existing context's security constraints, I'm not a bit
surprised at this, and when I have an opportunity to do so, I'll try
another cold restart.
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
