> From: Mark Thomas [mailto:ma...@apache.org] > Subject: Re: Request not forwarded to login page with > security-constraint after session time-out > > The spec is clearer than that. The "*" role == all roles > defined in web.xml.
Yes, but what it's not clear about is what happens when there are *no* roles defined in web.xml, which is the situation the OP has. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
