tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Request not forwarded to login page with security-constraintafter session time-out
Date Fri, 27 Feb 2009 17:30:04 GMT
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Subject: Re: Request not forwarded to login page with
> security-constraintafter session time-out
>
> I don't find this ambiguous at all

You have to carefully examine the sections being referred to; in each area of the spec, the
references are the to <role-name>s specified in a <security-constraint>, not to
those listed in a <security-role>.  There is no direct statement in the spec (but there
is implication) that a list of <security-role> elements is required, nor is there any
statement about what happens if there is no such list.

Moreover, the spec does not address the situation the OP has: all that's desired is authentication,
authorization is not needed or desired.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message