Hello,
I'm trying to configure <security-constraints> for two levels of security (admin & user). Lots of sources claim this can be done, but I have yet to find an example.
The following works most of the time (leaving out some details for clarity):
... here's the behavior:
... so it works OK unless one of the roles attempts to access the other's resource, at which point
tomcat fails to fetch <form-error-page>. And if I comment out the second (/user) <security-constraint>, the behavior is the same for number (8) ... so the problem is not the two constraints, it's the two roles.
I tried duplicating the <form-login-config> and <security-role> nodes after each <security-constraint>, with just one <role-name> to match the resource, but that violates node-order rules, and tomcat won't go for it.
Does anybody know how this is done? Seems like needing separate admin and user protected resources would be somewhat common, n'cest pas?
server.xml:
... jakarta-tomcat-5.0.28
- Thanks!