That is correct behavior. You cannot access the j-security_check page directly. You hava to access one of you regular pages and Tomcat will go to your form page.
Rick ----- Original Message ----- > Hi > > I use a Form based authentification in web.xml : > [...] > <login-config> > <auth-method>FORM</auth-method> > <realm-name>Authentication Area</realm-name> > <form-login-config> > <form-login-page>/login.jsp</form-login-page> > <form-error-page>/login_failed.jsp</form-error-page> > </form-login-config> > </login-config> > [...] > > in login.jsp : > [...] > <form method="GET" action="j_security_check"> > <input type="text" name="j_username"> > <input type="password" name="j_password"> > </form> > [...] > > authentification works great but after, if i click on the "Back" button of > my browser to go back on the login page > and i try the authentification again, Tomcat launch a HTTP 404 error on > /j_security_check > (page refresh don't change anything) > > in access.log (i protect /pages/* and login form is in /login.jsp): > > 10.20.0.7 - - [10/Sep/2002:11:01:15 -0500] "GET /pages/home.jsp HTTP/1.1" > 302 764 > 10.20.0.7 - - [10/Sep/2002:11:01:15 -0500] "GET /login.jsp HTTP/1.1" 200 > 7070 > 10.20.0.7 - - [10/Sep/2002:11:01:21 -0500] "GET > /j_security_check?j_username=bob&j_password=bob HTTP/1.1" 302 764 > 10.20.0.7 - bob [10/Sep/2002:11:01:23 -0500] "GET /pages/home.jsp HTTP/1.1" > 200 5018 > > here, all is ok , i'm authentified as bob (i think that 302 HTTP return code > is a good thing ? servlet redirection ??) > now i click on back button and attempt to re-authentifiate bob and ... > > 10.20.0.7 - bob [10/Sep/2002:11:01:29 -0500] "GET > /j_security_check?j_username=bob&j_password=bob HTTP/1.1" 404 734 > > 404 error ... > > Do you have a solution ? > > Thanks a lot. > > (bilingue english/french) > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
