This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I am trying to constrain access to a file jstlChoose.do, which is a jsp and I have mapped it to jstlChoose.do in web.xml. As per what I have read, <security-constraint> element in web.xml does this job. I did the following in my web.xml
I have added admin and manager roles in tomcat-users.xml. Now, if I understand correctly only admin and manager are allowed to call GET method on this jstlChoose.do. but when I try to access this file using
instead of getting the authentication screen, I am able to see the result. Am I doing something wrong? Do I have to set some variable to a user role first and then try accessing this file? I am really confused... Any help is welcome,