Sorry about that. Yes i have a index page in the restricted area that has links to other restricted jsps. The Logs are not reporting anything. How do you mean encode your urls? I haven't set a time out in the web.xml file so its using the default. The time between clicks is usually about 1-2 seconds. Here is some of my web.xml file: <security-constraint> <web-resource-collection> <web-resource-name>users</web-resource-name> <url-pattern>/add/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>user</role-name> <role-name>admin</role-name> </auth-constraint> </security-constraint>
<security-constraint> <web-resource-collection> <web-resource-name>admin</web-resource-name> <url-pattern>/admin/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/login-error.jsp</form-error-page> </form-login-config> </login-config> <security-role> <role-name>admin</role-name> </security-role> <security-role> <role-name>user</role-name> </security-role> I am using the default realm which i know works. Dean On Thu, Aug 20, 2009 at 12:19 PM, Pid <p...@pidster.com> wrote: > On 20/08/2009 11:55, Dean Chester wrote: > >> Sorry Tomcat 6.20, Red Hat Enterprise edition 4 i think. java 1.6. And i >> mean once logged in i have to login again after clicking on a link in >> the restricted area. >> Dean >> > > You don't need to reply-to-all, just to the list. I'm obviously on the > mailing list, so I'll get the message anyway - I don't need it twice. > > /myapp/index.jsp > /myapp/secure/index.jsp > /myapp/secure/page2.jsp > > So you're logging into the secure area, and trying to view, e.g. page2.jsp > from a link on the e.g. index.jsp page? > > Do the logs have any errors in them? > If so, what are they? > > Are you encoding all of the URLs properly? > > How long between clicks? > > What is the session timeout in your web.xml? > > How have you defined the <security-constraint> in web.xml? > > Which Realm are you using? > > Perhaps you could post a little bit more information? > > p > > > > On Thu, Aug 20, 2009 at 11:23 AM, Pid <p...@pidster.com >> <mailto:p...@pidster.com>> wrote: >> >> On 20/08/2009 10:40, Dean Chester wrote: >> >> Hi, >> I've written my application using j_security_check yet i keep >> having to log >> in in the restricted area. Has anyone else experienced this? >> >> >> Yep. I have to log in each time I want to use our app - it's a side >> effect of implementing security. >> >> Or is your question referring to a less vague and more specific issue? >> >> >> >> Because it works with a small amount of JSPs and then when i >> implement it all in to my >> application it doesn't work. >> >> >> I might need to warm up my Internet Telepathy(tm) without some more >> information... >> >> >> >> Where am i most likely going wrong? >> >> >> Not telling us your Tomcat version, JVM version, OS version... >> >> p >> >> >> Thanks in advance >> Dean >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> <mailto:users-unsubscr...@tomcat.apache.org> >> For additional commands, e-mail: users-h...@tomcat.apache.org >> <mailto:users-h...@tomcat.apache.org> >> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >