Ok. I think, I think I have it now to my satisfaction although much work remains.
Thanks Chris and Charles. -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 06 Oct 2011 01 45 To: Tomcat Users List Subject: Re: Using multiple login pages -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin, On 10/5/2011 6:50 PM, Martin O'Shea wrote: > If I understand you correctly, I think I should have this: > > <login-config> <auth-method>FORM</auth-method> > <realm-name>Form-Based Authentication Area</realm-name> > <form-login-config> <form-login-page>/login</form-login-page> > <form-error-page>/jsp/security/protected/error.jsp</form-error-page> > > </form-login-config> > </login-config> > > But when called I receive a page not found exception. /login maps > to a servlet I've been using to test my own logging in outside of > j_security_check It's important to understand that the <form-login-page> is the resource returned when the user tries to access a protected resource but is not yet authenticated. The <form-login-page> does *not* perform any authentication itself. It merely requests credentials from the user (i.e. it contains a <form> with j_username and j_password fields). > Should the servlet mapped to /login receive j_username and > j_password? No. It should produce a page which contains a login form. Tomcat will handle the actual processing of j_username/j_password for you, and then send the user onto the originally-requested page. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6M+fwACgkQ9CaO5/Lv0PCf7QCgiEzUtizqst/nDb0F9qrLeeb8 sbAAn0R85xOID9LtrPCSwIk54uZgssT3 =ssS3 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org