My problem is that the loginPage.html doesn't display, when I make a request to the constrained resource. Instead, the browser told me "the page you are looking for is unavailable". If I remove the constraint, it works great. Can you imagine where the trick is?
I made a request to CheckCookie.do
Servlet URL
pattern, which is under "myApp" applicaton.
Http://localhost:8080/myApp/CheckCookie.do The loginPage.html and loginError.html are under myApp directory also.
Http://localhost:8080/myApp/loginPage.html Http://localhost:8080/myApp/loginError.html Both links work.
Below is the code:
<!--security role--> <security-role>
<role-name>Guest</role-name>
<role-name>Member</role-name>
<role-name>Admin</role-name>
</security-role>
<!--security constraint --> <security-constraint>
<web-resource-collection>
<web-resource-name>myBeer</web-resource-name>
<url-pattern>*.do</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Member</role-name>
<role-name>Admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!--login config --> <login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/loginPage.html</form-login-page>
<form-login-error>/loginError.html</form-login-error>
</form-login-config>
</login-config>
[ July 02, 2005: Message edited by: Bruce Sun ]