Yea, but in this case, it may be something we need to live with.
The login page scriptlet code looks for the login credentials in the request and sets the appropriate form fields as well as a flag we use to indicate whether the form should be submitted immediately upon loading and in either case, it's a POST to j_security_check. I'm not sure I'll be able to even configure a filter for what we need to do. Am testing it now. We may need to forgo JAAS entirely and use an action servlet instead.
--adam Dale Newfield wrote:
Except a redirect must be to a GET, not a POST, and it would be unfortunate to include the login credentials in a GET as they would then appear in history/logfiles... ...there's no way to do in code in your filter right where the problem case is detected the same stuff you do in a script on your login form page?
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
