You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Marco Arioli <ar...@risorsei.it> on 2000/10/03 22:09:19 UTC

Security constraint

Hi, I have a problem with apache+tomcat trying to configure security
constraint. The rule is as follows:

    <security-constraint>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
         <url-pattern>/jsp/security/protected/*</url-pattern>
         <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
         <http-method>PUT</http-method>
      </web-resource-collection>

Tomcat, as a standalone, asks authentication for all file in ../protected/;
using tomcat+apache (through port 80) authentication is required only for
jsp file (and maybe for servlet). Other files are shown without
authentication. This is not what I want; what should I do to solve this?

Thanx,
Marco.

==========================================================================
                               Marco Arioli			 
e-mail: arioli.m@risorsei.it  
        marioli@landini.it
==========================================================================