I am getting the familiar status 400 - invalid direct reference, and yet I am absolutely not surfing to the login page myself.

This is the page I am on:

https://localhost:8443/mywebapp/registerdone.do

and this is the link I am using:

https://localhost:8443/mywebapp/private/editprofile.do

This mapping is protected by my security constraints (/private/), so Tomcat invokes the j_security_check form, and on submission Tomcat gives me the 400 status "invalid direct reference".

I have the login form and the login error form SSL encrypted.

It works fine for non-HTTPS links.

Here's the web.xml snippet:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL 4 Login</web-resource-name>
      <url-pattern>/ssllogin.html</url-pattern>
      <url-pattern>/sslerror.html</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <description>SSL required</description>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Login</web-resource-name>
      <url-pattern>/private/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <description>SSL not required</description>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>BlackSailRealm</realm-name>
    <form-login-config>
      <form-login-page>/ssllogin.html</form-login-page>
      <form-error-page>/sslerror.html</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>user</role-name>
  </security-role>
  <security-role>
    <role-name>admin</role-name>
  </security-role>

Does anyone know what I am doing wrong, or has seen this error too?

Thanks
Adam

--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9

