my tomcat users:
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager-gui"/>
  <role rolename="admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat,manager-gui,admin"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>

The following code fails:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Sample Application</web-resource-name>
        <description>Require users to authenticate</description>
        <url-pattern>*.jsp</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>adminLocal</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-role>
    <role-name>adminLocal</role-name>
</security-role>
<security-role-ref>
    <role-name>admin</role-name>
    <role-link>adminLocal</role-link>
</security-role-ref>

If I change security-role.role-name to admin, and
auth-constraint.role-name also to admin, then I can log in,

but why doesn't it work with <security-role-ref>?

regards
Jakub
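
An added example, not part of the original message: a Python check over the two fragments above that reports auth-constraint roles no realm user holds, and any security-role-ref placed outside a servlet element. The function names are hypothetical, and the fragments are copied in as constructed sample input wrapped in root elements without XML namespaces.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the fragments from the post, wrapped in root elements.
TOMCAT_USERS = """<tomcat-users>
  <role rolename="admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat,manager-gui,admin"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>"""

WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>*.jsp</url-pattern></web-resource-collection>
    <auth-constraint><role-name>adminLocal</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>adminLocal</role-name></security-role>
  <security-role-ref>
    <role-name>admin</role-name><role-link>adminLocal</role-link>
  </security-role-ref>
</web-app>"""


def realm_roles(users_xml):
    """Map each role name to the set of users that hold it."""
    roles = {}
    for user in ET.fromstring(users_xml).iter("user"):
        for role in user.get("roles", "").split(","):
            if role.strip():
                roles.setdefault(role.strip(), set()).add(user.get("username"))
    return roles


def check_web_xml(web_xml, users_xml):
    """Return findings for constraint roles nobody holds and misplaced role refs."""
    root, held, findings = ET.fromstring(web_xml), realm_roles(users_xml), []
    for rn in root.findall("./security-constraint/auth-constraint/role-name"):
        role = rn.text.strip()
        if role not in ("*", "**") and role not in held:
            findings.append(f"auth-constraint role '{role}' is held by no realm user")
    # security-role-ref is only defined inside <servlet>: it maps role names used in
    # isUserInRole() calls onto a <security-role>; it does not rename realm roles.
    for _ in root.findall("./security-role-ref"):
        findings.append("security-role-ref is not valid outside <servlet>")
    return findings


if __name__ == "__main__":
    for line in check_web_xml(WEB_XML, TOMCAT_USERS):
        print(line)
```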
