How do I do it?
This all seems over-complicated with all kinds of weirdness.
Security constraint for resources in the secure directory
only let the system manager login
SSL not required
The Secure ROLE
and in auth.conf (which is a TOTAL MYSTERY to me, can anyone help?):
// The default server login module
// A simple server login module, which can be used when the number
// of users is relatively small. It uses two properties files:
// users.properties, which holds users (key) and their password (value).
// roles.properties, which holds users (key) and a comma-separated list of their roles (value).
// The unauthenticatedIdentity property defines the name of the principal
// that will be used when a null username and password are presented as is
// the case for an unuathenticated web client or MDB. If you want to
// allow such users to be authenticated add the property, e.g.,
When I access my application, it flips to the login form, but when I submit blank user name and password 3 times, it goes into the welcome page!
Also, how do I explicitly log out?
What is all this about? Where can I get some simple help on all this. It's all just gone too weird for me, a bog standard VMS-raised bit-twiddler to understand!