It seems that my problem was that I was forgetting the servlet mapping for my JSP.  I added that in and it seems to work just fine.  N00b mistake :)

On 8/12/06, Nathan Mittler < > wrote:
I have a very simple web app (just a single JSP) and I seem to be unable to restrict access to it.  I am fairly new to J2EE so it is entirely possible (and likely) that I'm doing something wrong.

Here's the content of my web.xml:


and here's my geronimo-web.xml:

      <principal name="normal_users" class=""/>
      <role role-name="admin">
        <principal name="admin_users" designated-run-as="true" class=""/>

I had previously deployed an SQL realm named Ch14Realm and had tested the logins successfully.

When I go to <geronimo>/SimpleSecureWebApp/index.jsp, I am expecting to be prompted for a username and password.  Instead, I am just brought directly to my index.jsp page.

Any help would be greatly appreciated!

Nathan Mittler