-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Joe,
Joe A wrote: > if i redeploy my webapp and try to access a protected page, it will show > the login > screen but after clicking login it just reloads the login page instead > of sending me to the protected page. That's weird. Are you sure something else isn't going wrong? (Uhh... you /do/ have the username and password right, right?) > if i reload the login page it will > give me access > to the page i wanted. Also kinda weird. Are you using cookies and/or URL rewriting? Don't forget that the form submission to j_security_check needs to be run through HttpServletResponse.encodeURL. > if i fill in user/pass and hit login a 2nd time it > shows: > > HTTP Status 404 - /j_security_check Yeah, Tomcat isn't set up to allow logins whenever the user wants. It's strictly REQUEST -> CHALLENGE -> LOGIN -> RESPONSE. If you try to re-login, Tomcat pretends that j_security_check isn't a valid request. Kinda stupid IMHO but that's all the servlet spec requires, so that's all that implemented. This "feature" is one of the reasons that I switched to SecuriryFilter (http://securiryfilter.sourceforge.net/). This package tolerates unexpected logins and is quite extensible. Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGN3hr9CaO5/Lv0PARAlTKAJ94gd4NNzmqppoOqY9bWkqSmOo1PgCgiFHA ylp2B02mDtRR7L8fLJIAW98= =ZS4v -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
