authentication does not work if web-app provides a JAX-RPC service AND JSP

[Tobias Buchloh <tb...@gmx.net>]

Hi,

If I enable the snippet below I can access my Web Services but if I call a JSP 
I'm facing a weird error. 

Using BASIC-auth-method I can sign-in and I'm being forwarded to the 
appropriate page, but the JSP-expressions within this page are not evaluated 
("Hello ${user.name}").

With FORM-auth-method I will be forwarded to a page <called-url>/$%7Burl%7D. 
So the problem seems to be the same.

I have a simple web-application which manages some data and allows anybody to 
get this data via Web Services (JAX-RPC). 

Only Admins should modify data with JSPs, so I would like to use the built-in 
security-constraint of tomcat.

Thanks for your help in advance.

--
Tobias

<web-app>
	[...]
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>AdminPages</web-resource-name>
            <url-pattern>/pages/*</url-pattern>
            <url-pattern>/faces/*</url-pattern>
            <url-pattern>/services/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

    <security-role>
        <role-name>admin</role-name>
    </security-role>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/pages/logon.jsp</form-login-page>
            <form-error-page>/pages/logonerr.jsp</form-error-page>
        </form-login-config>
    </login-config>
    [...]

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org