Do you have the <form-error-page> set to something different than the <form-login-page>? That is the normal means to inform the user that something was wrong with the username/password combo they typed in. Of then the <form-error-page> is nearly identical to the form-login-page, except that a "bad username/password combination" error message is displayed. But you are free (and responsible for) creating both pages, and thus have full control over their appearance.
The same error is typically displayed no matter what was wrong with the username/password the user supplied. It may be attractive to be able to tell them that the username they enetered does not exist in the system, or that the username was good but the password was wrong, etc. But be aware that providing such messages has some security cost. If someone is trying to break in, they can use that information to find a real account and then just focus on choosing the right password. If they get the same "it didn't work" message for each failed attempt no matter what wa wrong with it, they won't even know if they are trying to get into a valid user account. If you do wish to provide more informative error messages, you can have the form-error-page get the j_username and j_password from the request (this typically works, though I am not sure it is guaranteed to work on all containers) and use that information to figure out what went wrong. The results of that check can be used to provide a more descriptive error message. -Max ----- Original Message ----- From: "Mick Knutson" <[EMAIL PROTECTED]> To: "struts" <[EMAIL PROTECTED]> Sent: Sunday, September 28, 2003 12:13 PM Subject: [OT] Error Messages using standard security constraint? > I am using the standard web.xml security constraint with JBoss, and if a > user enters a wrong username and/or password, there is not an error message > generated to tell about the error. I just get the same logon form page. How > do I add an error message in the struts manner? > > --- > Thanks > Mick Knutson > > coming soon: > Your SOS: Your personal emergency contact system. > http://YourSos.com > > +001(805) 563-0666 Office > +001 (708) 570-2772 Fax > --- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]