RE: Request not forwarded to login page with security-constraintafter session time-out

["Caldarale, Charles R" <Ch...@unisys.com>]

> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Subject: Re: Request not forwarded to login page with
> security-constraintafter session time-out
>
> I don't find this ambiguous at all

You have to carefully examine the sections being referred to; in each area of the spec, the references are the to <role-name>s specified in a <security-constraint>, not to those listed in a <security-role>.  There is no direct statement in the spec (but there is implication) that a list of <security-role> elements is required, nor is there any statement about what happens if there is no such list.

Moreover, the spec does not address the situation the OP has: all that's desired is authentication, authorization is not needed or desired.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org