Kevin,
As I was fixing Bugzilla #2768 (form based login was losing the query
string when redirecting back to the original page), I tried out your
scenario using the examples app included with Tomcat:
http://localhost:8080/examples/jsp/security/protected/index.jsp
and it seemed to work correctly. I'd be very interested in a test case
that fails on tonight's nightly build (20010725).
Craig
On Tue, 24 Jul 2001, Kevin Jones wrote:
> I can't get form based logon to work reliably in Beta6 (in fact I've had
> problems for a while)
>
> I have a webapp (called course) and a sub directory (gjava) which is
> protected. I'm using form based logon with the username and password in
> tomcat-users.xml.
>
> i) If I try and access a resource in \course\gjava I get the logon page, if
> I enter a valid username and password everything works.
>
> ii) If I try and access a resource in \course\gjava I get the logon page, if
> I enter an invalid username and password I get the logon page again - *not*
> the error page.
>
> iii) If I try and access a resource in \course\gjava I get the logon page,
> if I enter a valid username and password everything works. But if I hit the
> back button and then enter an invalid username/password I get redirected
> here http://localhost/course/gjava/j_security_check and get a 404 error
>
> iv) If I try and access a resource in \course\gjava I get the logon page, if
> I enter an invalid username and password I get the logon page again - *not*
> the error page. If I now enter the correct password I get the error page,
>
> Kevin Jones
> DevelopMentor
> www.develop.com
>
>
