It's not going to work because the servlet container needs to *redirect*
to the login page (for example, so that relative references to images on
the login page itself are resolved correctly). That means the login page
has to be visible from the browser, which means it cannot be in /WEB-INF.
Craig McClanahan
On Fri, 7 Sep 2001, Kevin HaleBoyes wrote:
> Date: Fri, 7 Sep 2001 17:07:00 +0100 (BST)
> From: Kevin HaleBoyes <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: hiding my login.jsp
>
> I'm using form based authentication with the following in my web.xml file:
> <login-config>
> <auth-method>FORM</auth-method>
> <form-login-config>
> <form-login-page>/login.jsp</form-login-page>
> <form-error-page>/loginerror.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> I tried to hide my login.jsp and loginerror.jsp pages by putting them
> in a subdirectory of WEB-INF (and changing the <form-*-page> attributes)
> but I couldn't login to my application.
>
> Specifically, I put the two files in the WEB-INF/jsp directory and changed
> the web.xml file to:
> <form-login-page>/WEB-INF/jsp/login.jsp</form-login-page>
> <form-error-page>/WEB-INF/jsp/loginerror.jsp</form-error-page>
>
> Any thoughts on why this wouldn't work?
>
> Thanks,
> Kevin HaleBoyes
>
>
> ____________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
> or your free @yahoo.ie address at http://mail.yahoo.ie
>
