I think you've got the wrong idea about how the form-based security works. It is counter-intuitive I agree but anyway...
Firstly the login form should not be in the secure area. Define as the default page something in the secure area. When the user tries to go to this default page tomcat will redirect them to the login page. After they've logged in successfully Tomcat wil redirect them to the page they originally asked for (i.e. the default page). You don't need a filter to do this. Tomcat does it automatically for you. Hamish > -----Original Message----- > From: Sloan Seaman [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 13, 2003 4:32 PM > To: Tomcat Users List > Subject: Re: Form based security > > > Ok, I figured most of the things out. > > My next question (along the same lines) is this: > > I have a link to the login.jsp which is now in a > security-constraint area. > When they use the login.jsp successfully it complains about: > Invalid direct reference to form login page > > How do I use the login page and define a page for a successful login? > > Thanks! > > -- > Sloan > > ----- Original Message ----- > From: "Sloan Seaman" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Thursday, February 13, 2003 10:01 AM > Subject: Re: Form based security > > > > I have a filter set up so that if they don't go to the index.jsp or > > login.jsp it will redirect them to the login.jsp. > > (is that the best way?) > > > > So basically they either go to the index.jsp or login.jsp > page. How do I > > list a page as secure? > > > > Do I have to wirte code for the j_security_check or is this > something > within > > tomcat? > > > > ----- Original Message ----- > > From: "Barney Hamish" <[EMAIL PROTECTED]> > > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > > Sent: Thursday, February 13, 2003 9:50 AM > > Subject: RE: Form based security > > > > > > > Are you going directly to the login page? If so then you > need to go to a > > > page in that's listed as being secure. You will then be > forwarded to the > > > login page. When you've logged in successfully then you will be > forwarded > > to > > > the page you originally requested. > > > Hamish > > > > > > > -----Original Message----- > > > > From: Sloan Seaman [mailto:[EMAIL PROTECTED]] > > > > Sent: Thursday, February 13, 2003 3:48 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: Form based security > > > > > > > > > > > > I'm attempting to do form based security and I keep getting a > > > > 404 error when > > > > I click the submit button. > > > > > > > > I'm guessing I'm missing some type of configuration in the > > > > server.xml..... > > > > > > > > The form I am using is: > > > > <form method="POST" action="j_security_check"> > > > > <input type="text" name="j_username"/> > > > > <input type="password" name="j_password"/> > > > > <input type="submit" value="Submit"> > > > > </form> > > > > > > > > > > > > And I have the following in my web.xml > > > > <login-config> > > > > <auth-method>FORM</auth-method> > > > > <form-login-config> > > > > <form-login-page>/login.jsp</form-login-page> > > > > <form-error-page>/login-error.jsp</form-error-page> > > > > </form-login-config> > > > > </login-config> > > > > > > > > Can anyone help me out here? > > > > > > > > -- > > > > Sloan > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
