Hi, Perhaps the problem is well known. I'm under Tomcat/4.1.18-LE-jdk14
When I use form authentication, with the following code snippet included in web.xml: <web-app> <security-constraint> ... <web-resource-collection> <web-resource-name>declarativetest</web-resource-name> <url-pattern>/servlet/chapter9.DeclarativeSecureServlet</url-pattern> <http-method>POST</http-method> </web-resource-collection> ... </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/formlogin.html</form-login-page> <form-error-page>/formerror.html</form-error-page> </form-login-config> </login-config> ... </web-app> when I access my servlet http://localhost:8080/servlet/chapter9.DeclarativeSecureServlet via POST method, I have to fill the form http://localhost:8080/security/formlogin.html: that's confrom to the informations given in web.xml (<form-login-page>). However, when I fill correctly this form, I have the output of doGet method of the DeclarativeSecureServlet and not the output of doPost method as expected!! However, all works well when I run the same example with BASIC autthentication method instead of FORM one. Is this bug fixed in a more recent version of Tomcat? Thanks in advance for your response, Regards, Cyril.
