This...
> <servlet-mapping>
> <servlet-name>
> authservlet
> </servlet-name>
> <url-pattern>
> /secure/*
> </url-pattern>
> </servlet-mapping>
and this
> RequestDispatcher rd =
> request.getRequestDispatcher("/secure/hello.jsp");
> rd.forward(request, response);
were causing a horrible loop. I didn't realize that Tomcat would run
the servlet mappings on the args to getRequestDispatcher, but it
does. The solution is simple: make the url-pattern something else,
like securepages, and then it can serve the files out of the /secure/
directory.
This is going to be a fantasticly useful auth method once I get it all
working. Yet again, I find that tomcat is enormously powerful and has
a steep learning curve. The two go together I guess.
