tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin O'Shea" <>
Subject RE: Using multiple login pages
Date Wed, 05 Oct 2011 17:59:51 GMT
I have it now. There was a redirection going on in a method called from a scriptlet in the
login page. It now seems to be OK.

Thanks Chris.

But one thing bugs me still: you said that you can have 'different login pages for different
types of resources you're trying to reach.' Can you give any pointers about this?

.-----Original Message-----
From: Christopher Schultz [] 
Sent: 05 Oct 2011 18 39
To: Tomcat Users List
Subject: Re: Using multiple login pages

Hash: SHA1


On 10/5/2011 11:41 AM, Martin O'Shea wrote:
> This follows on from yesterday's discussion about whether in my 
> application, I can have more than one page with an embedded login form 
> or not.
> I've been looking over the servlet spec (V2.2) and it seems that I 
> can't actually do this which is a shame.

Do what, have different login pages for different types of resources you're trying to reach?
Sure you can: try reading my responses.

> So I'm now looking at a more conventional log in from a login page.
> But can anyone explain to me why I don’t see my login page when I run 
> the application?
> Login.jsp contains the following:

This isn't relevant if you're not seeing it.

> Which corresponds to the following in web.xml:
> <welcome-file-list>
> <welcome-file>/jsp/about/concept.jsp</welcome-file>
> </welcome-file-list>
> <security-constraint> <web-resource-collection> 
> <url-pattern>/aboutConcept</url-pattern>
> </web-resource-collection> <auth-constraint> <description/> 
> <role-name>ADMIN</role-name> </auth-constraint> </security-constraint

> >
> <login-config> <form-login-config>
> <form-login-page>/jsp/security/protected/login.jsp</form-login-page>
> </form-login-config> </login-config>
> But when I run the application, all I get is the html of the page 
> specified in the welcome file list?

Is that a question or a statement?

> But if I then invoke a link from the welcome file, I get the login 
> page. Surely it should be the other way around?

Your welcome file is not protected in any way, so you are not challenged for credentials.
If you want to login to see every page on your site, you should have <url-pattern>/*</url-pattern>
in your <web-resource-collection>.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message