Hi! I am developing an application using FORM-based authentication and JDBCRealm from Tomcat 4.0.3 (Tomcat 4.0.4 also checked).
Two problems occur:

1. Authenticating with the wrong role never allows you to re-login again. When a user tries to log in with a correct username/password, but is not isUserInRole() to access the requested resource, then Tomcat returns a 403 error code and you can never get back to the login screen to re-login with the correct role (another username). Requesting the login URL directly and then submitting the data results in a 404 error code: "The requested resource (/j_security_check) is not available."

2. 400 error code: Invalid direct reference to login page after logoff and session timeout. In my application, when the user is logged off he is redirected to the context root (exactly to the welcome file) URL, which results in a new redirect to the login screen. But if the session times out, then logging in results in a 400 error code. The user should strip the login.html from the URL manually and then try again to enter the application.

So, the question is: am I doing something wrong, are there any workarounds, or are these bugs in Tomcat that are fixed already (in which version?) or will be fixed soon?

My config:
- WinNT 4.0
- JDK 1.3.1
- Tomcat 4.0.3/4.0.4

(Anything else?)

Thanks in advance.

Regards,
Konstantin Piroumian