tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dmk...@earthlink.net (David M. Karr)
Subject Re: Invalid direct reference to form login page
Date Fri, 10 May 2002 18:50:49 GMT
>>>>> "Lisa" == Lisa van Gelder <lisa.vangelder@digitalrum.com> writes:

    Lisa> Here is the bit of my web.xml file that deals with login. The whole of my
    Lisa> app should be protected.

    Lisa> My code never redirects, it leaves all the authentication up to tomcat.

    Lisa> 	<security-constraint>
    Lisa> 		<web-resource-collection>
    Lisa> 			<web-resource-name>My
    Lisa> Application</web-resource-name>
    Lisa> 			<url-pattern>/*</url-pattern>
    Lisa> 			<http-method>POST</http-method>
    Lisa> 			<http-method>GET</http-method>
    Lisa> 		</web-resource-collection>
    Lisa> 		<auth-constraint>
    Lisa> 			<role-name>myUser</role-name>
    Lisa> 		</auth-constraint>
    Lisa> 	</security-constraint>
    Lisa> 	<login-config>
    Lisa> 		<auth-method>FORM</auth-method>
    Lisa> 		<form-login-config>
    Lisa> 			<form-login-page>/login/login.jsp</form-login-page>
	
    Lisa> <form-error-page>/login/login-failure.jsp</form-error-page>
    Lisa> 		</form-login-config>
    Lisa> 	</login-config>

I believe this might be due to the fact that you've declared the "login"
directory as part of the protected resource.  Try creating a subdirectory of
the application root where all the pages go, except for the login and error
pages, then specify that subdirectory as your protected resource.

-- 
===================================================================
David M. Karr          ; Java/J2EE/XML/Unix/C++
dmkarr@earthlink.net


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message