I thought I understood how contained-managed auth worked, but
obviously I'm missing something.

Hers' what I have right now

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>JDBCRealmTest</web-resource-name>
			<description>accessible by authenticated users of the
adoption-admin role</description>
			<url-pattern>/Adoption/application/list</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<description>These roles are allowed access</description>
			<role-name>adoption-admin</role-name>
		</auth-constraint>
	</security-constraint>
	<login-config>
		<auth-method>BASIC</auth-method>
		<realm-name>MyFirst Protected Area</realm-name>
	</login-config>
	<security-role>
		<description>Only ‘adoption-admin’ role is allowed to access this
web application</description>
		<role-name>adoption-admin</role-name>
	</security-role>

I thought this would require auth for the url
/Adoption/application/list, but there is no challenge when I test.  I
have fooled with the url-pattern but the only pattern I can get to
work is '/Adoption/*'.  I have tried '/Adoption',
'/Adoption/application/list/*', but none of them cause a challenge.

What am I missing?

--
Jonathan Rosenberg
Founder & Executive Director
Tabby's Place, a Cat Sanctuary
http://www.tabbysplace.org/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org