This really concerns using j_security_check. (I know there have been many posts on this subject but I haven't seen the answer I need and I haven't found much in the way of documentation on j_security_check).
Tomcat 5 comes with a simple example of how to use j_security_check for form based login ( http://localhost:8080/jsp-examples/security/protected/, as referred to in the "Realm Configuration HOW-TO");
The example fails to redirect correctly after a failed login.
That is, if the user enter a valid username/password combination on the first try, everything is fine.
If not, the user gets the error page, which has link back to the login page. If she then enters the correct username/password, she is redirected to the /login page/. It appears that the user now is logged in. I.e. she can now access protected pages.
In other words, the login page -> error page -> login page redirection is 'losing' the url of the originally requested page. I suspect that a simple modification to login.jsp and error.jsp would fix this, but that requires knowing where j_security_check put the url of the originally requested page. I haven't founded any documentation on that.
If you know, or have any other ideas on fixing this, please let me know.
Thanks,
bw
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
