tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roytman, Alex" <>
Subject Form Authentication inconsistency
Date Wed, 15 Nov 2000 01:22:23 GMT

Unless I missed something I believe there is a deficiency in Form
Authentication mechanism. 
Which does not let us to protect entire context: 

When protected resource is entire context:

tomcat enters endless loop

trying to call login form

    <realm-name>Example Form-Based Authentication Area</realm-name>

I believe tomcat should call login forms without security checks. But it
looks like it is not the case.
Also, I don't know of any URL pattern which allows to exclude certain
patterns so what is a solution.

Any help is greatly appreciated


View raw message