Once again, login form can only be accessed on demand by server. This mean access to you login.jsp will only occur as a result of a jsp forward internal to server at the first time you enter a secure area. You can't either access j_security_check either login.jsp directly. The required data in server would not be setup and you'll only trigger an exception. Prashant Saraf a écrit :
>i created a link which connect to login.jsp then also it not works:( > >On 2/3/06, David Delbecq <[EMAIL PROTECTED]> wrote: > > >>This mean you tried to access login form directly. This is not allowed >>in j2ee specifications. >>Access to login form should only be triggered by server on demand. You >>can't force a login. >>To access login page, simply put a link to saraf/index.html (simple >>example) >>Prashant Saraf a écrit : >> >> >> >>>i have a problem in Tomcat & jsp >>>when i use j_security_check it gives me following error. >>>The request sent by the client was syntactically incorrect (Invalid >>> >>> >>direct >> >> >>>reference to form login page >>>why this so >>>my web.xml.... >>> >>><?xml version=3D" 1.0" encoding=3D"ISO-8859-1"?> >>> >>> >>><web-app xmlns=3D"http://java.sun.com/xml/ns/j2ee " >>> xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance " >>> xsi:schemaLocation=3D"http://java.sun.com/xml/ns/j2ee >>>http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd >>>" >>> version=3D" 2.4"> >>> >>> <description> >>> My first jsp example >>> </description> >>> <display-name>Work on Jsp</display-name> >>> >>> <security-constraint> >>> <display-name>TestApp Security Constraint</display-name> >>> <web-resource-collection> >>> <web-resource-name>Protected Area</web-resource-name> >>> <!-- Define the context-relative URL(s) to be protected --> >>> >>> <!-- If you list http methods, only those methods are >>> >>> >>protecte= >> >> >>>d >>>--> >>> <http-method>DELETE</http-method> >>> <http-method>GET</http-method> >>> <http-method>POST</http-method> >>> <http-method>PUT</http-method> >>> <url-pattern>/saraf/*</url-pattern> >>> </web-resource-collection> >>> <auth-constraint> >>> <!-- Anyone with one of the listed roles may access this area >>>--> >>> <role-name>*</role-name> >>> </auth-constraint> >>> </security-constraint> >>> >>> <!-- Default login configuration uses form-based authentication --> >>> <login-config> >>> <auth-method>FORM</auth-method> >>> <realm-name>Form-Based Authentication</realm-name> >>> <form-login-config> >>> <form-login-page>/login.jsp</form-login-page> >>> <form-error-page>/error.jsp</form-error-page> >>> </form-login-config> >>> </login-config> >>> <!-- Security roles referenced by this web application --> >>></web-app> >>> >>> >>>-- >>>Cup of Java + Suger of XML = Secure WebApp >>> >>> >>> >>> >>> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> > > >-- >Cup of Java + Suger of XML = Secure WebApp > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]