You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Tobias Buchloh <tb...@gmx.net> on 2005/03/02 11:13:04 UTC
authentication does not work if web-app provides a JAX-RPC service AND JSP
Hi,
If I enable the snippet below I can access my Web Services but if I call a JSP
I'm facing a weird error.
Using BASIC-auth-method I can sign-in and I'm being forwarded to the
appropriate page, but the JSP-expressions within this page are not evaluated
("Hello ${user.name}").
With FORM-auth-method I will be forwarded to a page <called-url>/$%7Burl%7D.
So the problem seems to be the same.
I have a simple web-application which manages some data and allows anybody to
get this data via Web Services (JAX-RPC).
Only Admins should modify data with JSPs, so I would like to use the built-in
security-constraint of tomcat.
Thanks for your help in advance.
--
Tobias
<web-app>
[...]
<security-constraint>
<web-resource-collection>
<web-resource-name>AdminPages</web-resource-name>
<url-pattern>/pages/*</url-pattern>
<url-pattern>/faces/*</url-pattern>
<url-pattern>/services/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/pages/logon.jsp</form-login-page>
<form-error-page>/pages/logonerr.jsp</form-error-page>
</form-login-config>
</login-config>
[...]
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org