In my web.xml file I have a security constraint which is intended simply to block direct access to the jsp, jspx, xhtml files directly. Here is the snippet from web.xml Unavailable_Raw_Pages RawPages *.xhtml *.jsp *.jspx *.tiles POST GET PUT DELETE Since no roles are defined, the content is completely blocked. When I deploy the app as a WAR file to geronimo, this works well. Now when I'm trying to deploy as an EAR, it won't deploy with message "web.xml for web app XXX.war includes security elements but Geronimo deployment plan is not provided or does not contain element necessary to configure security accordingly." I have tried various different contents in geronimo-application.xml, but I always get the same error. The app uses custom security, and I do not have any security realm defined on Geronimo. Can I do this, and if so, how? Thanks, - Ray Clough

View this message in context: security constraint question
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.