Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 4738 invoked from network); 25 Nov 2006 15:21:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 25 Nov 2006 15:21:50 -0000 Received: (qmail 66484 invoked by uid 500); 25 Nov 2006 15:21:47 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 65781 invoked by uid 500); 25 Nov 2006 15:21:44 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 65770 invoked by uid 99); 25 Nov 2006 15:21:44 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Nov 2006 07:21:44 -0800 X-ASF-Spam-Status: No, hits=3.9 required=10.0 tests=DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,HTML_MESSAGE X-Spam-Check-By: apache.org Received-SPF: neutral (herse.apache.org: local policy) Received: from [209.191.69.19] (HELO web30002.mail.mud.yahoo.com) (209.191.69.19) by apache.org (qpsmtpd/0.29) with SMTP; Sat, 25 Nov 2006 07:21:31 -0800 Received: (qmail 63064 invoked by uid 60001); 25 Nov 2006 15:21:10 -0000 Message-ID: <20061125152110.63062.qmail@web30002.mail.mud.yahoo.com> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.co.uk; h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=HeGWzLsNCByAr8yN5eKUBGJFAK0o+uzQVhGSEfFB0AajvxSeHZ09xdrIya6GBTtvUmFo2jbvWY25gAAQW+iQJiQgopcm1hBOe5H27dpMlDkiLmsp6hIz2iQc2yj26ztvHcKduYjMzlGAag+fnPeaDjo/tsuBt2vn6ebvBVHy/Gg=; X-YMail-OSG: hY6yUXoVM1ldlAsBWp8pkGXtrBCGHmulJoPv6Kaa2Uc.8A9OXm1S7uvF1CFfBWmaf5Ql3VnMtmqsSMIptNPqWX9Ob2yOM9QDNJI.bmxIJ6717lMg4Qg_rP9bFoT2Gf7GfS0kQbLDOMGUs3E- Received: from [195.92.67.74] by web30002.mail.mud.yahoo.com via HTTP; Sat, 25 Nov 2006 15:21:09 GMT Date: Sat, 25 Nov 2006 15:21:09 +0000 (GMT) From: Asare Samuel Subject: Re: Realms To: Tomcat Users List In-Reply-To: <2e851c270611250301r4ca44fb0xfde48888aa546ed4@mail.gmail.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-1750678634-1164468069=:62328" Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org --0-1750678634-1164468069=:62328 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit olivier nouguier, Thank you so much, a great help! sam olivier nouguier wrote: On 11/25/06, Asare Samuel wrote: > > Thank you for your speedly reply. Let me get this straight are you saying > you can't access the login page directly and that the only thing that should > be accessed directly is the item (ie page)your are protecting. Yes definitively, when using FORM scheme ! If so, you have hit the nail on the head. I am currently allowing the user > to access the login page first, and then the system passes users to the > secured page. This is wrong according to your mail??? Yap, all you have to is to point on a secured resource, the user will be redirected (internaly aka forward (tomcat > 5)) to the login page! sam > > > olivier nouguier wrote: > hi, > You are using the FORM authentication scheme! > This scheme imply that: > 1: a secured resource is accessed. > 2: login (error-page) is given > 3: login occures > 4: secured resource (1) is given (with a GET !) > > 408 error code may occurs if: > a - login page is access directly ( starting at stage 2). > b - session expired between stage 2 and 3. > > To avoid (a) you should set error-page hidden ( eg /WEB-INF/jsp/login.jsp) > if tomcat > 5 > The treat (b) you should have a custom 408 error page > > HIH > > On 11/24/06, Asare Samuel wrote: > > > > I have put a realm on a page on one of my Html pages using the FORM > based > > realm. 1-sometimes i get this message: message HTTP Status 408 - > > The time allowed for the login process has been exceeded. If you wish to > > continue you must either click back twice and re-click the link you > > requested or close and re-open your browser description The client did > > not produce a request within the time that the server was prepared to > wait > > (The time allowed for the login process has been exceeded. If you wish > to > > continue you must either click back twice and re-click the link you > > requested or close and re-open your browser). 2-If I have already > > loged-in and I login again, i get the following: > > > > HTTP Status 404 - /LeeOasis/html/j_security_check > > > > type Status report > > message /LeeOasis/html/j_security_check > > description The requested resource (/LeeOasis/html/j_security_check) is > > not available. > > > > Please help > > > > > > --------------------------------- > > Try the all-new Yahoo! Mail . "The New Version is radically easier to > use" > > � The Wall Street Journal > > > > > > -- > "Souviens-toi qu'au moment de ta naissance tout le monde �tait dans la > joie > et toi dans les pleurs. > Vis de mani�re qu'au moment de ta mort, tout le monde soit dans les pleurs > et toi dans la joie." > > > Send instant messages to your online friends http://uk.messenger.yahoo.com > -- "Souviens-toi qu'au moment de ta naissance tout le monde �tait dans la joie et toi dans les pleurs. Vis de mani�re qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie." Send instant messages to your online friends http://uk.messenger.yahoo.com --0-1750678634-1164468069=:62328--