Thank you very much Caldarale. Please, do you know how to define "any role"? The framework I use takes care of authorization (based on service's methods). I only need to authenticate the user, otherwise I would double the access configuration.
Diogenes 2008/1/24, Caldarale, Charles R <[EMAIL PROTECTED]>: > > From: Diogenes Gomes [mailto:[EMAIL PROTECTED] > > Subject: Problem with protecting pages in Tomcat 5.5 > > > > <auth-constraint> > > <role-name>*</role-name> > > </auth-constraint> > > IIRC, 5.0 misinterpreted a <role-name> setting of *; this was corrected > in 5.5 and above. The asterisk does not mean "any role", but rather > "all defined roles". (See section 12 of the servlet spec.) You need to > provide a set of valid roles via <security-role> in your web.xml file. > > > <Context debug="99" docBase="${catalina.home}/webapps/testeweb" > > path="/testeweb"> > > Take out the docBase and path attributes - they're not allowed when the > <Context> element is in META-INF/context.xml (where it should be). > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail > and its attachments from all computers. > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]