This is my web.xml:
Where these three roles are present in my tomcat-users.xml. No other role is there in tomcat-users.xml.
And I have a JSP restrict.jsp on root. When I access this JSP directly I shouldn't be allowed. As no <role-name> is present in <auth-constraint> means no role is allowed. But I can access this JSP. Why so?
[ June 02, 2007: Message edited by: ankur rathi ]