0 Replies Latest reply on Dec 3, 2002 6:47 AM by roberto

    security-constraint and welcome-file

      i have problem with authentication when using a welcome-file

      this is my web.xml

      <welcome-file-list>
      <welcome-file>index.jsp</welcome-file>
      </welcome-file-list>
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>/index.jsp</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>everyone</role-name>
      </auth-constraint>
      </security-constraint>
      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name/>
      </login-config>
      <security-role>
      <role-name>everyone</role-name>
      </security-role>

      in my war file i have

      index.jsp
      test2.jsp

      I want have a security constraint only for index.jsp, test2.jsp it's free for all

      When from browser i call "http:\\127.0.0.1:8080\mywebapp"

      the welcome file is retrieved and used, but no authentication is required (WRONG)

      if i use "http:\\127.0.0.1:8080\mywebapp\index.jsp" authentication is required (OK)

      if i set too in web.xml:
      <url-pattern>/</url-pattern>

      all pages required authentication (test2.jsp too)

      Any idea?

      thank you
      Roberto