Greg Wilkins <[EMAIL PROTECTED]> writes:
> Nicolai P Guba wrote:
>
> > Greg Wilkins <[EMAIL PROTECTED]> writes:
> >
> >>Nicalai,
> >>
> >>RC9 contains a bug with FORM authentication. If the
> >>URL j_security_check is not covered by the security contraint
> >>then it is not handled correctly. I know this is counter
> >>intuitive and it has already beed fixed for the next release.
> >>
> > Greg, thank you for the pointer. Could you kindly provide me with a
> > more concise example on how I can fix this?
>
> The simplest thing to do is to probably get
>
> ftp://jetty.mortbay.org/pub/nightly/Jetty3-latest/lib/org.mortbay.jetty.jar
>
> And replace the org.mortbay.jetty.jar in your release.
>
Greg
I've tried this fix but the problem persists. Unfortunately tomcat
and jetty seem to behave different when it comes to the security bit.
For eg, when I had a page in the /protected area and wasn't logged on,
I got the logon screen from Tomcat. However, Jetty gives me
HTTP ERROR: 500 Internal Server Error
RequestURI=/restricted/
And the url on top of the browser says
http://ejb.frontwire.com/restricted/?
Ok. Now let's got to the login page directly and the output is the
same as before.
HTTP ERROR: 404 Not Found
Could not find resource for /j_security_check
RequestURI=/j_security_check
Hmmmm.
--
Nicolai P Guba http://www.gnu.org http://www.frontwire.com
mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
GSM: +44 (0)7909 960 751 DDI: +44 (0)20 7368 9708
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user