And your question would be ????

        I am assuming that you are wanting a work-around.  Well, if you get
Tomcat 3.2.2 (I think you still have to get it from CVS, but it should be
released shortly) you will start getting 404 errors instead of infinite loops,
I believe.  

        Two work arounds:
        1.  What you probably want to do is to move everything in /foo to
/foo/protected, except for login and error.  Then disallow GET on
/foo/protected/*.
        2.  What you probably don't want to do (but might) is to allow GET
on /foo/login.jsp and /foo/error.jsp and disallow everything else (a hassle
because you have to explicitly disallow everything else and you must maintain
the list in order to keep your site secure).

        Your problem stems from the fact that when users type in URLs the
request is made as a get, which you have disallowed. (This part you probably
knew)  This is then sent to the error page, as a get, which generates an
error, which sends it to the error page as a get, and so on.

        Randy

-----Original Message-----
From: Kevin Jones [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 19, 2001 9:42 AM
To: Tomcat-User
Subject: Login


I have a web-app that I want people to logon to. If the web-app is called foo,
I put a constraint in web.xml stopping GET access to /foo/*. I then specify
/foo/login.jsp and /foo/error.jsp as the login/error pages. Under TC4 this
all works, I browse to http://localhost/foo, get re-directed to the login
page and off we go.

However, this configuration causes TC 3.2 to go into an infinite loop. The
browser asks for login.jsp and keeps getting re-directed to login.jsp
because everything under /foo is protected.

Kevin Jones
DevelopMentor
www.develop.com
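
[Added example, not part of either message above: a web.xml sketch of the looping constraint next to work-around 1. It assumes FORM authentication, a hypothetical role named "user", and that url-pattern values are relative to the /foo context root; none of these are stated in the thread.]

```xml
<!-- Before (constructed from the description): the constraint covers every
     path in the web-app, so login.jsp and error.jsp are protected too and
     a request for them is sent back to them. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>whole-app</web-resource-name>   <!-- hypothetical name -->
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>                        <!-- hypothetical role -->
  </auth-constraint>
</security-constraint>

<!-- After (work-around 1): content is moved under /protected and only that
     subtree is constrained. /login.jsp and /error.jsp stay outside it. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>protected-area</web-resource-name>
    <url-pattern>/protected/*</url-pattern>
    <!-- As in the thread, only GET is listed. With no http-method elements
         at all, the constraint applies to every HTTP method. -->
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>

<!-- Login and error pages live outside the constrained pattern. -->
<login-config>
  <auth-method>FORM</auth-method>                      <!-- assumption -->
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
</login-config>
```

To check the result, request /foo/login.jsp and /foo/error.jsp without a session and confirm each returns the page directly, then request a path under /foo/protected/ and confirm it leads to the login page.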


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
