tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Lamb <p...@oil-law.com>
Subject Catalina & Welcome Files
Date Fri, 29 Sep 2000 02:07:55 GMT
I noticed today that with the latest catalina that it doesn't seem to check
security constraints on welcome files.

If my welcome file is "app/default.htm", and I have a security constraint on
/app/* and I request http://localhost, it will return default.htm without
prompting to login. But if I request http://localhost/app/default.htm then
it will send the login.

Paul Lamb

Mime
View raw message