Hi I'm having a problem using form-based authentication. It all works fine with standalone Tomcat, but goes pear shaped on Apache with Tomcat. It seems to be the same problem that is described in http://www.mail-archive.com/[EMAIL PROTECTED]/msg43091.html (but I think it's more a Tomcat thing than a struts thing).
Basically, I'm using the securityfilter filter from http://www.securityfilter.org/. I have a login.jsp that submits a form to j_security_check in the usual way. The only trouble is that Apache comes back with an Apache 404 on /path-to-login.jsp/j_security_check. It is clearly not passing j_security_check through to Tomcat to handle. The URL at the top of this message suggests passing all requests through to Tomcat (at least I think that's what it means - it uses mod_jk, and I'm using mod_jk2, which I'm not totally expert at anyway). First, that doesn't seem to work for me, and second, although I could configure things that way on my local setup it's not a realistic option for deployment, where I'm on a shared server. The support guy at my hosting service suggested making the target of the form /servlet/j_security_check, which at least gets it through to Tomcat --- which then gives me a 404. Obviously this is right, because I have no servlet mapping that would pick it up. So is there a way of defining a servlet mapping (or indeed any other element in web.xml) that would push things through to the right place? Alternatively is there any way of doing this programmatically? Could I send the form into a servlet which could then forward or redirect to j_security_check directly, without going through Apache? If so, how? Thanks for any help on this. -- Louise Pryor http://www.louisepryor.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]