I agree with Jeff the Servlet 2.2 Spec only specifies that an error page is
returned - so Orion's behaviour is up to spec. To allow continuation of the
login process from loginError page would be an add-on ... cerrtainly a
useful one, because it's more user friendly. But of course, it is Orion's
developers who call the shots.
--peter
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Schnitzer
Sent: Monday, February 26, 2001 8:06 AM
To: Orion-Interest
Subject: RE: Orion FORM based authentication Configuraton problem
If I'm reading the steps correctly, this behavior is actually fully
spec-compliant. This is the reason I don't use FORM-based login.
j_security_check is only required to be valid immediately after an
attempt to visit a secured page. There is no provision to be able to
re-enter credentials from the failure page, and the Orion implementation
doesn't allow it. The user must hit the back button :-(
Also, Orion performs a forward() rather than a redirect() when a
successful login does occur. Thus the ugly url in the user's browser.
I logged bug #126 against this issue but it was denied :-)
Jeff
winmail.dat
