Hi,
I am trying to constrain access to a file jstlChoose.do, which is a
jsp and I have mapped it to jstlChoose.do in web.xml.
As per what I have read, <security-constraint> element in web.xml does this job. I did the following in my web.xml
-----------------------------------------------------------------
<security-constraint>
<web-resource-collection>
<web-resource-name>JSTL Choose</web-resource-name>
<url-patterns>/jstlChoose.do</url-patterns>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>manager</role-name>
</security-role>
<security-role>
<role-name>guest</role-name>
</security-role>
--------------------------------------------------------------
I have added admin and manager roles in tomcat-users.xml. Now, if I understand correctly only admin and manager are allowed to call GET method on this jstlChoose.do. but when I try to access this file using
http://localhost:8080/TestJSP/jstlChoose.do instead of getting the authentication screen, I am able to see the result.
Am I doing something wrong? Do I have to set some variable to a user role first and then try accessing this file? I am really confused...
Any help is welcome,
Regards,
Sushma
