I'm using FORM authentication, and everything seems to be working
(logins are accepted, etc), except when there was an error the URL
changes in the users browser to point to j_security_check. The
contents of the redirect to j_security_check contains login.html, so
the user is able to login as expected, but my "error=true" query
string is not passed along. Is there something obvious I am doing
wrong here? I got it working under Jetty as a sanity test, but I need
to get it working in Tomcat too...
Using:
FF 3.6.8
Tomcat 6.0.26
web.xml:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/login.html?error=true</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Unprotected
Resources</web-resource-name>
<url-pattern>/favicon.ico</url-pattern>
<url-pattern>/login.html</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected
Resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
