The latest release of SecurityFilter (securityfilter-1.0-b5) has been fixed to allow requests to the login and error pages even if they match a security constraint. This matches the behavior of the containers I tested.
It also has some security fixes, so I recommend all users upgrade to the latest version. You can download it here: http://sourceforge.net/project/showfiles.php?group_id=59484&release_id=13181 3 -Max ----- Original Message ----- From: "Arnesen, Geir" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Saturday, January 11, 2003 12:55 AM Subject: SV: Security Filter and ActionForm We use this consept. The loginform is unsecured (not filtered). When trying to access a secured page with no session (this is checked by the filter), - the request is forwarded to the loginpage. After successfull logon, - you are sent to the originally selected page. If the logon fails,- you gets the errror, - i.e. logon failed... Geir -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
