hi juha, regarding your last paragraph, i think this is the intention of the servlet-spec - and the only "real" usage. all other types of login should be done differently but not via j_security_check.
jan -- Jan Heise / Tel: +49-163-4803237 / E-Mail: [EMAIL PROTECTED] -----Ursprungliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Im Auftrag von Juha Paananen Gesendet: Dienstag, 2. Oktober 2001 15:52 An: Orion-Interest Betreff: Form-based login Hi! In WebLogic 6, the j_security_check recognizes a parameter "j_target_url". I don't think this is part of the J2EE spec, but a WebLogic feature instead. Do you know if there's an equivalent to this in Orion? At least, this j_target_url doesn't seem to work. I need this in a website where there is always (at least, when user has not logged in) a small "login form" visible in the left column, and this form should be submitted to j_security_check and then a specific "welcome page" should be displayed. If I just post the form to j_security_check, I get an error message in the browser "You are not authorized to view this page".. The only way I've managed to make the form-based login to work, is by surfing to some page that has a security-constraint. In this case, Orion takes me to the login form and then to the originally requested page, just as it is supposed to do.. Thanks, Juha