The problem is that your initial request is to the same page as your
<form-login-page>. The initial request should be to a protected resource,
then the user will be prompted for the login page, and then upon successful
authentication - they will be routed to the initial request.
I usually have an index.jsp that routes the user to a secured resource, and
then I use the following in web.xml to ensure that they don't get the error
below:
    <error-page>
        <error-code>400</error-code>
        <location>/index.jsp</location>
    </error-page>
The problem is that typically folks will see login.jsp as the first page in
the app, and will bookmark it. I wish tomcat didn't display login.jsp, but
rather the initial requested URL - then users wouldn't get the wrong
bookmark. To get around this, I see two options:
1. Use index.jsp as a true welcome page, with a link to the secured
resource.
2. Put a message on the login screen that says "do not bookmark this page."
I've opted for Number 2, and since all my users are IE, I have a link that
adds a bookmark for them using JavaScript.
HTH,
Matt
> -----Original Message-----
> From: Your Name [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 30, 2003 7:32 AM
> To: [EMAIL PROTECTED]
> Subject: j_security_check problem
>
>
>
> We are running Tomcat 4.1... and are trying to get xreporter to run. We
> have installed everything and when we go to test the login it gives us
> this error (which is a http 400 error)..
>
> type: Status report
>
> message: Invalid direct reference to form login page
>
> description: The request sent by the client was syntactically incorrect
> (Invalid direct reference to form login page).
>
> I have looked around and people are suggesting that it is a tomcat
> config problem. The form submits to j_security_check.
>
> Has anyone run into this problem and does anyone know how to fix the
> problem? Any help would be great.
>
> Thanks Ahead of time,
> Fred
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
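
The layout described in the reply, written out as a Servlet 2.3 deployment descriptor. This is an added example, not part of the original thread and not xreporter's own web.xml; the /secure/* pattern, the "user" role, /secure/home.jsp and the login.jsp and loginError.jsp names are assumptions. Only the 400 error-page mapping comes from the message itself.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">
<!-- Added illustration; the paths and the role name are assumed. -->
<web-app>
  <!-- index.jsp is the public entry point. It sends the browser to
       /secure/home.jsp (hypothetical), never to /login.jsp. -->
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

  <!-- From the reply above: a direct request for the login page ends
       in a 400, so that case is handed back to index.jsp. -->
  <error-page>
    <error-code>400</error-code>
    <location>/index.jsp</location>
  </error-page>

  <!-- Requests matching this pattern are intercepted by the container,
       which then displays the login form on its own. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secured area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- login.jsp posts j_username and j_password to j_security_check.
       Both pages sit outside /secure/ so they stay reachable. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>user</role-name>
  </security-role>
</web-app>
```

The element order follows the 2.3 DTD (welcome-file-list, error-page, security-constraint, login-config, security-role); a validating parser rejects the descriptor if they are shuffled.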