Hi All,
I am trying to constrain access to a file jstlChoose.do, which is a
jsp and I have mapped it to jstlChoose.do in web.xml.
I did the following in my web.xml for the security constraints
--------------------------------------------------------------------------
<code>
<security-constraint>
<web-resource-collection>
<web-resource-name>JSTL Choose</web-resource-name>
<url-patterns>/jstlChoose.do</url-patterns>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>manager</role-name>
</security-role>
<security-role>
<role-name>guest</role-name>
</security-role>
</code>
-------------------------------------------------------------
Now, if I understand correctly, only admin and manager are allowed to call GET method on this jstlChoose.do. SO, when I try to access this file using
http://localhost:8080/TestJSP/jstlChoose.do I should get a browser's standard pop-up form asking for user name and password.
But, it is not asking for any user name and password and I am still able to see the result.
Am I doing something wrong? Do I have to explicitly set some variable to a user role first and then try accessing this file? I am really confused...
Any help is welcome,
Regards,
Sushma