I guess this was a bug in 5.0.28 according to the servlet spec (SRV.8.4). If anyone else runs into this issue, the solution is pretty easy:
String origRequestUrl = request.getAttribute("javax.servlet.forward.request_uri") -----Original Message----- From: Aaron Loucks [mailto:[EMAIL PROTECTED] Sent: Friday, October 28, 2005 12:39 PM To: users@tomcat.apache.org Subject: login config bug? request.getRequestURL() returns form-login-page in Tomcat 5.5.12 request.getRequestURL() is returning the uri of the <form-login-page> element instead of the original request url in 5.5.12. Is this a bug or was this intended to be this way? If this is supposed to return the form-login-page, how do I get the original request URL? Tomcat 5.0.x did not behave this way -- getRequestURL() returned the original request. For example: web.xml: ... <security-constraint> <web-resource-collection> <web-resource-name>protected</web-resource-name> <url-pattern>/some_protected_url</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </web-resource-collection> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/WEB-INF/login.jsp</form-login-page> </form-login-config> </login-config> ... ----------------- Request to: http://localhost:8080/some_protected_url ------------------ login.jsp: ... System.out.println(request.getRequestURL()) // prints "/WEB-INF/login.jsp" in Tomcat 5.5.12 ... System.out.println(request.getRequestURL()) // prints "/some_protected_url" in Tomcat 5.0.28 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]