Hi all, I have got to authorise a particular part of my web app. I have configured my web.xml as follows:
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>father</web-resource-name>
>     <description>Security</description>
>     <url-pattern>/father/*</url-pattern>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>admin</role-name>
>   </auth-constraint>
>   <user-data-constraint>
>     <transport-guarantee>NONE</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
>
> <login-config>
>   <auth-method>FORM</auth-method>
>   <form-login-config>
>     <form-login-page>/auth.do</form-login-page>
>     <form-error-page>/admin/error.jsp</form-error-page>
>   </form-login-config>
> </login-config>
> <security-role>
>   <role-name>admin</role-name>
> </security-role>

And everything works fine. The required action is called. But after being authorised into /father/something.jsp, if I access any other page in /father through a link, the same login action is called. Do I have to explicitly write code to see if I am authorised, or is there any way the container can manage this? I am using JAAS in JBoss 4.0.2.

This seems like a basic and foolish question.... My real doubt is: do I have to write the code to see if I am authorised?

Sincerely,
jubs