Hi
I am developin a ee5 + glassfish application. In the web.xml , if i m
specifying a security constraint as
<welcome-file-list>
<welcome-file>faces/index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>Constraint1</display-name>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
<description>Secure Pages</description>
<url-pattern>/logon/logon.jsp</url-pattern>
<url-pattern>/logon/loginError.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>USERS</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>myrealm</realm-name>
<form-login-config>
<form-login-page>/logon/login.jsp</form-login-page>
<form-error-page>/logon/loginError.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>USERS</role-name>
</security-role>
doesnt work.
The url pattern , when given <url-pattern>/*</url-pattern> works fine for
the whole application. but when i specify something else in the url
..like trying to give as in the above code , it doesnt recognise the login
pages and directly goes to the index.jsp.
so what should i specify in the url-pattern to make only the login pages
secure.
Thanks in advance.
Thanks,
Rohiini N
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you