All: Just to close the loop:
The 404 not-found error I was receiving was coming from the Apache webserver; when I switched to using the Tomcat servlet container standalone, FORM-based authentication -- set up as per the advice of those of you who replied -- worked properly. I *thought* that I had Apache configured to pass everything through to Tomcat, but obviously, I have something wrong in my Apache configuration. I'll take a look at that in the near future. Thanks again, -- Charlie -----Original Message----- From: Charles McClain [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 7:10 PM To: Struts User Mailing List Subject: Logout in a container-managed security environment -- Follow-up All: I received several replies to my original question, all of which indicated that, in order to do a forceful logout, I needed to use FORM-based CMA rather than BASIC. One of the replies recommended an article on the topic, which I downloaded and read. I implemented FORM-based authentication, making the changes to my web.xml, indicating the login form and error page, etc. The container (Tomcat 4.0) seems to know that I want FORM-based authentication, since it pops up my login page. I did, by the way, include the fields j_username and j_password, and my form action is j_security_check, as per the instructions. However, when I press the submit button, my browser gives me a 404 not-found error on the (nonexistent, of course) page j_security_check. I've checked the Apache and Tomcat logs, and one of the Tomcat logs tells me that it has "Configured an authenticator for method FORM", but it still seems to be looking for a page by that name rather than invoking the method. Anyone have any ideas? Charles McClain Phone: 603.659.2046 email: [EMAIL PROTECTED] -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
