Return-Path: 
 <users-return-185858-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: (qmail 88857 invoked from network); 24 Sep 2008 15:13:05 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 24 Sep 2008 15:13:05 -0000
Received: (qmail 85330 invoked by uid 500); 24 Sep 2008 15:12:52 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 85018 invoked by uid 500); 24 Sep 2008 15:12:51 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 85007 invoked by uid 99); 24 Sep 2008 15:12:51 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Sep 2008 08:12:50 -0700
X-ASF-Spam-Status: No, hits=2.0 required=10.0
	tests=HTML_MESSAGE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of discip@pjm.com designates
 192.251.13.222 as permitted sender)
Received: from [192.251.13.222] (HELO smtp.pjm.com) (192.251.13.222)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Sep 2008 15:11:52 +0000
Received: from vams.smtp.pjm.com (localhost [127.0.0.1])
	by smtp.pjm.com (Postfix) with SMTP id 951EC1018DA
	for <users@tomcat.apache.org>; Wed, 24 Sep 2008 11:12:25 -0400 (EDT)
Received: from PRIVATE by PRIVATE with ESMTP id 7CAE41018DA
	for <users@tomcat.apache.org>; Wed, 24 Sep 2008 11:12:25 -0400 (EDT)
Received: from PRIVATE by PRIVATE with ESMTP id 77C09272D2
	for <users@tomcat.apache.org>; Wed, 24 Sep 2008 11:12:25 -0400 (EDT)
Received: from PRIVATE by PRIVATE with NetIQ MailMarshal 6.0 Service Pack 1a
 (v6,0,3,33)
	id <B48da58d90000>; Wed, 24 Sep 2008 11:12:25 -0400
Received: from PRIVATE by PRIVATE with Microsoft SMTPSVC(6.0.3790.3959);
	 Wed, 24 Sep 2008 11:12:25 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C91E57.F36159EE"
Subject: j_security_check requires session
Date: Wed, 24 Sep 2008 11:12:25 -0400
Message-ID: 
 <AE7CB56C86F9C6408268333BB7A29D6902C1F47C@EXC13VWP.corp.ds.pjm.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: j_security_check requires session
Thread-Index: AckeV/NUcF0AX6DTSh+9c2fsIcjadw==
From: <discip@pjm.com>
To: <users@tomcat.apache.org>
X-OriginalArrivalTime: 24 Sep 2008 15:12:25.0306 (UTC)
 FILETIME=[F380C3A0:01C91E57]
X-AntiVirus: checked by VAMS
X-Virus-Checked: Checked by ClamAV on apache.org

------_=_NextPart_001_01C91E57.F36159EE
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I am having a problem posting credentials to j_security_check for
form-based authentication.
=20
It seems that tomcat expects that I already have a session established
before posting the username and password.  If I don't already have a
JSESSIONID cookie, j_security_check returns a 408.  Unfortunately, I
have another application attempting to talk to this one that requires
that the first thing it does is post credentials to the
j_security_check, so I have no mechanism of hitting another page first
to establish a session.
=20
This mechanism worked fine with BEA Weblogic, but it seems that tomcat's
handling of j_security_check is different.  Does anyone know of any
options to modify the behavior of j_security_check so that it would just
do the authentication and establish the session in one shot at the time
of the POST request?
=20
Thanks,
Paul

------_=_NextPart_001_01C91E57.F36159EE--