You're not supposed to be able to reach the login page, except by accessing a secure page. The container is then responsible for displaying the login page and sending the user to the correct secure page, once they have been authenticated. So, rather than having a link to your login page from your home page, you should have a link to your main welcome page inside your secure area. Tomcat will then send the user to the login page automatically, if they haven't been authenticated.
What version of Tomcat are you using? Unfortunately, in TC 3.2.x (possibly others, but I'm not sure) the container *redirects* the user to the login page, which makes it possible for the user to then bookmark that page -- thus defeating the idea that they have to access a secure page first.

The only way I found to get around this was to put my login page in a separate "/login" directory and then put an "index.jsp" file in that directory that redirects to my secure area. That way, anyone who bookmarked the login page was handled correctly. I'm not sure if this will work in other versions of Tomcat, though.

Hope this helps!

--jeff

----- Original Message -----
From: "John Mikhail" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 05, 2001 5:36 PM
Subject: Authentication problem...redirected to /null

> Hello,
>
> I'm wondering if anyone can help me with an issue I'm having with my web
> app. I have a web application that uses the JDBCRealm and I've defined
> all the roles and what not. Here's the scenario...
>
> If I try to access a secure page, it will take me to the login page. I
> login with a valid user and then get redirected back to the secure page
> with no problems now that I'm authenticated. That's not the problem.
> The problem is I can also login from the home page. If I log in from
> the home page with the same authenticated user, Tomcat is trying to
> redirect me to <context>/null. Why is that? I have a welcome file list
> defined in my web.xml. If anyone can help, it would be greatly
> appreciated..
>
>
> --
> John Mikhail
> "Codito, Ergo Sum"
>
>
> --
> To unsubscribe: <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
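The layout described in the reply above, sketched as a web.xml fragment. This is an added example, not configuration posted by anyone in the thread; the /secure and /login paths, the JSP file names and the role name "user" are assumptions.

```xml
<!-- Added example: WEB-INF/web.xml fragment. All paths and the role name are hypothetical. -->
<web-app>

  <!-- Everything under /secure/ requires an authenticated user in role "user". -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- FORM login: the container presents this page itself when an
       unauthenticated request arrives for a protected URL, then sends
       the user on to that URL once the login succeeds. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login/login.jsp</form-login-page>
      <form-error-page>/login/error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- The home page links to /secure/welcome.jsp, never to /login/login.jsp,
       so every login starts from a request for a protected page.

       Workaround from the reply for bookmarked login pages: an index.jsp
       in the /login directory that only redirects into the secure area:
         <% response.sendRedirect(request.getContextPath() + "/secure/welcome.jsp"); %>
  -->
</web-app>
```

The login form in /login/login.jsp posts the fields `j_username` and `j_password` to `j_security_check`, as the Servlet specification requires for FORM authentication.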