Tom Cat wrote: > <url-pattern>/myAdmin/admin.html</url-pattern>
This should be: <url-pattern>/admin.html</url-pattern> > > I think this should be enough to require authentication when someone > goes to http://localhost:8080/myAdmin/admin.html on the local machine. > And yet, it allows everyone access to the page, without even prompting > for any sort of authentication. Anyone have an idea why? You don't need to include the context path when defining security constraints (or any other url-pattern) in web.xml Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
