tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: problem with tomcat realm
Date Wed, 10 Feb 2010 19:01:37 GMT
Hash: SHA1


On 2/10/2010 8:36 AM, aaaaaa wrote:
> When the user goes in a particular page I need to ask him a new
> authentication because this page needs more privileges (this page infact is
> only for administrators and in web.xml I specify it with a security
> constraint and role). 
> This second step is my problem. When he goes in this page only the message 
> "Access to the requested resource has been denied" appears  while I would
> like that tomcat asks him for a new login and at the same time that tomcat
> remembers the previous login when the user comes back in the other pages.

Tomcat implements container-managed security according to the Java
Servlet Specification, which does not specify the behavior above.
Instead, once a user is authenticated, their identity is considered
"known" and their roles dictate the resources they may access.

If you want the behavior you describe above, you'll have to use a
different security mechanism than the one provided by Tomcat.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message