It sounds like you are quite close on this. I think your problem should be pretty easy to fix. To answer your questions: 1. I don't have any authentication code at all in my webapp. The j_security_check sets up the context for you. I don't use a struts-form for my login. Do this: Use a straight-up html/jsp page and don't post to a struts action. Post the j_security_check. That should be all you need. By posting to your logon action, you are bypassing the container security code that would set all security context for you.
2. You should not reference your login page or the the j_security_check directly. You should only allow the web container to redirect you to it as necessary. I think you will get exceptions or http error codes back if you try to force this. The container will handle it all for you. To logout, I have a logout action that checks for a valid session and if there is one, invalidates it. Do that and let me know if you still need further help. gary. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3854278#3854278 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3854278 ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
