Hi Guys,

I have declarative security for my application. When ever I go to a restricted page using Tomcat I go straight there without being propmted for a username and password. Am I doing somthing wrong in my web.xml? web.xml:

<security-constraint>

    <web-resource-collection>
        <web-resource-name>CheckUsers</web-resource-name>

        <url-pattern>*.jsp</url-pattern>

        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>

    <auth-contraint>
        <role-name>test</role-name>
    </auth-contraint>

    <user-data-constraint>CONFIDENTIAL</user-data-constraint>

  </security-constraint>

  <login-config>
      <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginerror.jsp</form-error-page>
    </form-login-config>
  </login-config>

could someone please advise?

Thanks and Regards

Adz - Its all about the JSPs baby!

__________________
Adz - Learning The J2EE Ways.