I'm using FORM authentication, and everything seems to be working (logins are accepted, etc), except when there was an error the URL changes in the users browser to point to j_security_check. The contents of the redirect to j_security_check contains login.html, so the user is able to login as expected, but my "error=true" query string is not passed along. Is there something obvious I am doing wrong here? I got it working under Jetty as a sanity test, but I need to get it working in Tomcat too...
Using: FF 3.6.8 Tomcat 6.0.26 web.xml: <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/login.html?error=true</form-error-page> </form-login-config> </login-config> <security-constraint> <web-resource-collection> <web-resource-name>Unprotected Resources</web-resource-name> <url-pattern>/favicon.ico</url-pattern> <url-pattern>/login.html</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Protected Resources</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org