> From: Greg Brownell [mailto:[EMAIL PROTECTED]
> Subject: Tomcat ssl/https: error 302 when accessing servlet with https
>
> web.xml has the following entries:
> <!-- Security roles referenced by this web application -->
> <security-role>
>   <role-name>role1</role-name>
> </security-role>
> <security-role>
>   <role-name>tomcat</role-name>
> </security-role>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>secure pages</web-resource-name>
>     <url-pattern>/fileview</url-pattern>
>   </web-resource-collection>
>   <web-resource-collection>
>     <web-resource-name>secure pages</web-resource-name>
>     <url-pattern>/vconfirm_n</url-pattern>
>   </web-resource-collection>
>   <web-resource-collection>
>     <web-resource-name>secure pages</web-resource-name>
>     <url-pattern>/vconfirm</url-pattern>
>   </web-resource-collection>
>   <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>

Where's your <auth-constraint>? Note the following from the spec:

"If no roles are defined [within an auth-constraint], no user is allowed access to the portion of the web application described by the containing security-constraint."

Also, the list of roles may have to come after the <security-constraint>, depending on how picky the DTD is.

 - Chuck
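
An added example, not part of the original thread: a Python check that classifies each security-constraint in a web.xml by its auth-constraint (absent, present with no roles, or naming roles), flags role names that have no matching security-role, and reports the transport-guarantee. The sample XML is constructed: its first constraint mirrors the quoted one, while the /admin/* and /old/* constraints, the "ops" role and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first constraint mirrors the quoted web.xml; the
# /admin/* and /old/* constraints and the "ops" role are hypothetical.
SAMPLE = """<web-app>
<security-role><role-name>role1</role-name></security-role>
<security-role><role-name>tomcat</role-name></security-role>
<security-constraint>
  <web-resource-collection><web-resource-name>secure pages</web-resource-name>
    <url-pattern>/fileview</url-pattern></web-resource-collection>
  <web-resource-collection><web-resource-name>secure pages</web-resource-name>
    <url-pattern>/vconfirm_n</url-pattern></web-resource-collection>
  <web-resource-collection><web-resource-name>secure pages</web-resource-name>
    <url-pattern>/vconfirm</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection><web-resource-name>admin</web-resource-name>
    <url-pattern>/admin/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>tomcat</role-name><role-name>ops</role-name></auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection><web-resource-name>retired</web-resource-name>
    <url-pattern>/old/*</url-pattern></web-resource-collection>
  <auth-constraint/>
</security-constraint>
</web-app>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
def texts(parent, name):
    return [(e.text or "").strip() for e in parent.iter() if local(e) == name]

def audit_web_xml(xml_text):
    root = ET.fromstring(xml_text)
    declared = {r for e in root if local(e) == "security-role" for r in texts(e, "role-name")}
    findings = []
    for sc in (e for e in root if local(e) == "security-constraint"):
        auth = [e for e in sc if local(e) == "auth-constraint"]
        roles = [r for a in auth for r in texts(a, "role-name")]
        # Servlet spec: no auth-constraint means no authentication is required;
        # an auth-constraint that names no roles means nobody is allowed access.
        access = "roles" if roles else ("deny-all" if auth else "no-auth-required")
        findings.append({"patterns": texts(sc, "url-pattern"), "access": access,
                         "roles": roles, "undeclared_roles": sorted(set(roles) - declared - {"*"}),
                         "transport": (texts(sc, "transport-guarantee") or ["NONE"])[0]})
    return findings

if __name__ == "__main__": print(*audit_web_xml(SAMPLE), sep="\n")
```

For web.xml files from untrusted sources, parse with a hardened parser such as defusedxml rather than the standard library.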