Well, at least I laughed at myself when I finally figured it out. I was setting up a form-based login test. I didn't want to make it too complicated, so my "url-pattern" in the "w-r-c" was just "/*". I had the JSP that I was trying to protect in the root of my application. The trouble was, I had my "login.jsp" in the same directory. Both Tomcat and my browser were chugging real hard, but I never got my login page, or the page I was trying to protect. Those with experience know what happened here. When I tried to go to my original protected page, Tomcat decided I needed to be authenticated, so it sent me to the login page, which is just as restricted as the original page, so Tomcat decided I needed to be authenticated, so it sent me to the login page, ... and so on. Does this deserve to go into the "common servlet errors list"? -- =================================================================== David M. Karr ; Best Consulting [EMAIL PROTECTED] ; Java/Unix/XML/C++/X ; BrainBench CJ12P (#12004)
