The <form-login-page> tag is used to reference the login page, similar to the way you have the <form-error-page> tag coded. The <form-login-page> should look something like <form-login-page>/login.jsp</form-login-page>, and the login.jsp page would have the post to j_security_check and the j_username and j_password fields. Not sure what you mean by "...So every page has a form with a loginname and password field...."; only login.jsp has the login post and variables, your application content pages do not have the login parms and require nothing special for this.
Use the <url-pattern> tag in the <security-constraint> to control what pages within your application require login. If all pages require a login, it would be something like <url-pattern>/*</url-pattern>. Understand that you do not link users directly to login.jsp. They should access the page they want, and tomcat will interrupt the access their first time, transfer them to the login.jsp, and assuming they login correctly; tomcat will then allow access to the desired page. David Werner van Mook <[EMAIL PROTECTED] To: Tomcat Users List <[EMAIL PROTECTED]> s.com> cc: Subject: formbased login question 03/04/2004 03:56 AM Please respond to "Tomcat Users List" Before starting on a quest for more knowledge I thought I ask you all, I'm building a web app. A user should be able to login on every page available. So every page has a form with a loginname and password field. The form is formatted correctly for form based login. I'm not using frames! My web.xml contains : <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/*</form-login-page> <form-error-page>/error.html</form-error-page> </form-login-config> </login-config> I'm wondering about the <form-login-page> tag. How to make it clear to tomcat that every page can be a login page. I haven't tried it yet but I think my solution (/*) will not work. The testingserver DB is broken and we are using JDBCRealm. Who has experience with this and is willing to help me? I would like to know what to fill in in the <form-login-page> tag or any other way to solve this. Kind regards, Werner van Mook --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]