J2EE container managed security
From: Ryan Stewart (zzanNOtozz_at_gSPAMo.com)
Date: Sat, 29 May 2004 21:33:08 -0500
I'm experimenting with container managed security and have a couple of
questions for those of you who use it or have decided not to use it.
1) Why do you use it or not use it? Do you find it versatile? Restrictive?
2) Why do I still have access to protected url-patterns after a
session.invalidate() when using basic authentication but not when using
3) Why, when using form-based authentication, would my test application not
redirect to the HTTPS port properly? I'm running Tomcat on the default 8080
with SSL on 8081. Redirects are set properly in server.xml. When using basic
authentication, I will be successfully redirected from
https://localhost:8081/secureApp/blah (my secure resource). However, when I
change from basic to form-based (no other changes to web.xml), it tries to
send me to https://localhost:8080/secureApp/login.jsp for authentication.
Note the incorrect port. Will post whichever code upon request if I haven't
figured it out by then.