> From: Sreyan Chakravarty [mailto:sreyan.mail...@gmail.com] > Subject: Re: HTTP 400 with Form based authentication
> My security constraint is as follow-: > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/index.jsp</form-login-page> > <form-error-page>/index.jsp?error=true</form-error-page> > </form-login-config> > </login-config> > This is my understanding of the whole process. Please don't tell me that I > have to put <form-login-page> as /teacher/success.jsp. If so then where do > I designate the login page ? One problem is that you have designated a welcome-file as the login page, pretty much forcing an infinite loop if a client doesn't request a specific resource. You want your login page to be completely separate (e.g., login.jsp) - it should never be directly referenced by a client. The server handles the replay of the original request once the login has been satisfied. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
