Thank you for your reply. I am using container managed authentication.
My problem is "how to go from j_security_check back to
my Struts framework."
That turns out to not be your problem ... that is the container's problem.
The key thing to remember is that the user should never access your login page (whatever it's URL is) directly. Instead, form-based login is triggered the first time that an unauthenticated user requests a URL that is protected by a security constraint. What happens next goes like this:
(1) Unauthenticated user requests a protected resource (*NOT* the login page!)
(2) Container remembers the protected resource that was requested
in a private variable.(3) Container displays the login page, which must have a destination
of "j_security_check", and waits for the user submit. For some containers,
including Tomcat, this is the one-and-only time that submitting to
"j_security_check" will not return a 404.
(4) User enters username and password, and presses the submit button.
(5) Container authenticates the username and password combination.
If valid, container recalls the resource saved in (2) and displays *that*
to the user in response to the login submit.
If this doesn't make sense, temporarily switch your app to use BASIC authentication instead, and walk through the process. The user experience will be identical except that the "login page" will be a popup dialog box instead of your configured login page. (Technically, it's different in one other respect -- it's the *browser* that does the remembering in step (2) and the restoring in step (5), but the user doesn't know that).
The important point is that, at no time, did anyone ever submit a request to the URL of the login page, because there is no such thing when using BASIC authentication. You should pretend there is no such thing when using form based login, also; think of the login page as part of the container, not part of your app.
In answer to your original question, the simplest thing to do on a login page is just use the standard HTML form element instead of the Struts <html:form> tag. Then, you can just say:
<form method="POST" action="j_security_check"> ... </form>
Craig
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
