Require Login (Form based)
I want to control my website so that all pages require a logged in user, some pages are only visible for certain roles. In the web.xml description there is a remark for the <login-config> element:
If this element is present, the user must be authenticated in order to access any resource that is constrained by a <security-constraint> defined in the Web application. Once authenticated, the user can be authorized to access other resources with access privileges.
one for all pages:
one with restriction for roles:
my <login-config> element:
The role restriction works fine. But also a user who is not logged in, can access the other pages and is not redirected to the login page.