Hi

I'm running the Tomcat 4.0b5 build and am keen to use the
SingleSignOn feature. When I configure the web.xml files
to use basic authentication everything's fine but when using
Forms based authentication it will insist on authenticating every
web application.

Also, after authentication with a form
I always see http://.../j_security_check
as the URL instead of the protected URL.

I'm using a very simple servlet to authenticate (I see the same
behaviour with an HTML-based example I tried):

import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class Login extends HttpServlet {

    // Writes the login form; it posts j_username/j_password to j_security_check
    public void doGet(HttpServletRequest request, HttpServletResponse response) {

        try {
            PrintWriter out = response.getWriter();
            out.print("<html>\r\n<body>\r\n<h1>Login page for Websign</h1>\r\n\r\n"
                + "<form method=\"POST\" action=\"j_security_check\" >\r\n"
                + " <input type=\"text\" name=\"j_username\"> \r\n"
                + " <input type=\"password\" name=\"j_password\"> \r\n \r\n"
                + " <input type=\"submit\" name=\"j_security_check\">\r\n"
                + "</form>\r\n\r\n</body>\r\n</html>\r\n");
            out.flush();
        }
        catch (Exception ex) {
            ex.printStackTrace();
        }

    }
}

The web.xml files look like:

    <security-constraint>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/servlet/Admin</url-pattern>
         <!-- If you list http methods, only those methods are protected -->
         <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
         <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>role1</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Use this for BASIC authentication -->

    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Example Basic Authentication Area</realm-name>
    </login-config>


    <!-- Use this for forms based authentication -->
    <!--
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/servlet/Login</form-login-page>
        <form-error-page>error.html</form-error-page>
      </form-login-config>
    </login-config>
    -->

Have I configured my forms login badly? Has anybody had this
working with a non-JSP authentication form?
