Another form based authentication question.

We have form based authentication working fine for the most part. We
follow the spec, send the user to a restricted area, they get
redirected to the form, they're authenticated and everything's fine.

The problem is that some users sometimes go directly to the form and get:
----------------
Apache Tomcat/4.0.3 - HTTP Status 400 - Invalid direct reference to form
login page

type Status report

message Invalid direct reference to form login page

description The request sent by the client was syntactically incorrect
(Invalid direct reference to form login page).
-------------------

which is the correct behavior according to the spec, but ugly as hell as
far as a real world application.
What kind of workarounds are people using for this problem?

<gripe>
Why does the spec implement the form using this ugly approach? Why can't
we just have a form where we collect the data and use a method like
context.authenticate(user, password)
to do the authentication instead of the strange replication of basic
authentication?
</gripe>

--
Dror Matalon
Zapatec Inc
1700 MLK Way
Berkeley, CA 94709
http://www.zapatec.com
