Hey everyone I'm trying to lean more about authentication with tomcat and have been having a problem trying to restrict access to just one servlet in a webapp. I have two servlets: servletA, and servletB. the web.xml file looks like this:
I have a user set up in the admin role and everything works fine if I change the url-pattern to just /* in the security-constraint element. but if I try to make it /ServletB then the page is served with no checking involved. I've tried all sorts of variations of the url-pattern with no success. Anyone have any ideas? thanks
Thanks for the reply Frank, that was one of the patterns I tried to no avail. I figured it out, it was a typo in my xml file. I cut and pasted from one file to make the new one and muxt have gotten some extraneous character in there somehow. When I would start tomcat it sould tell me there was a problem there but I never watched the DOS window when it was starting up I always just minimized and went to work. Oh, well, lesson learned - thanks again.