I am posting here a part of my web.xml that enforce the authentication and security. But it is not working as I wanted. Do I have to do anything else for the login.jsp to jump in when I access the restricted
servlet?
<security-constraint>
<display-name>constraintSSL</display-name>
<web-resource-collection>
<web-resource-name>login page resource</web-resource-name>
<description></description>
<url-pattern>/login.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description></description>
<role-name>everyone</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name>non SSL constraint</display-name>
<web-resource-collection>
<web-resource-name>secured servlet resource</web-resource-name>
<description></description>
<url-pattern>/MemberS</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description></description>
<role-name>authenticated_user</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description></description>
<role-name>everyone</role-name>
</security-role>
<security-role>
<description></description>
<role-name>authenticated_user</role-name>
</security-role>
[ December 13, 2006: Message edited by: PradeepPillai Pradeep ]
