Charles, The thing to keep in mind is that you cannot call the login page directly. Rather, you have to call a protected page, which will trigger the login page, then will post to the j_security_check, and the container will then forward to the protected page if the user authenticated correctly. It seems that most containers do not register the j_security_check directly, but rather look for it once a protected resource has been requested.
HTH, James > -----Original Message----- > From: Charles McClain [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, September 24, 2002 6:10 PM > To: Struts User Mailing List > Subject: Logout in a container-managed security environment > -- Follow-up > > > All: > > I received several replies to my original question, all of > which indicated that, in order to do a forceful logout, I > needed to use FORM-based CMA rather than BASIC. One of the > replies recommended an article on the topic, which I > downloaded and read. > > I implemented FORM-based authentication, making the changes > to my web.xml, indicating the login form and error page, etc. > The container (Tomcat 4.0) seems to know that I want > FORM-based authentication, since it pops up my login page. I > did, by the way, include the fields j_username and > j_password, and my form action is j_security_check, as per > the instructions. > > However, when I press the submit button, my browser gives me > a 404 not-found error on the (nonexistent, of course) page > j_security_check. I've checked the Apache and Tomcat logs, > and one of the Tomcat logs tells me that it has "Configured > an authenticator for method FORM", but it still seems to be > looking for a page by that name rather than invoking the method. > > Anyone have any ideas? > > Charles McClain > Phone: 603.659.2046 > email: [EMAIL PROTECTED] > > > -- > To unsubscribe, e-mail: > <mailto:struts-user-> [EMAIL PROTECTED]> > For > additional commands, > e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
