With this security:
<web-resource-collection> <web-resource-name>SSL 4 Login</web-resource-name> <url-pattern>/login.do</url-pattern> </web-resource-collection> <auth-constraint> <role-name>user</role-name> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint>
when I try to login to my login.do mapping, in mozilla I get repeated login requests from tomcat. The first time twice only, the 2nd time 5 times, 3rd time 10 times etc etc.
I can see from my logging that the realm login is successful, but tomcat keeps giving the login page as stated.
This does not happen in IE6 or lynx, in which the login works as normal.
Has anybody else experienced this?
Did you get correctly switched to SSL mode ?
Yes. I have reduced the webapp to a minimum and bundled it in a war at http://www.cyberspaceroad.com/test.war (right click it & "save target as...") if you want to see what I'm doing. It contains the struts.jar and is therefore 0.85MB. If you don't have broadband I can bundle it without the jars too.
Sometimes the ssl form-based authentication loops on the login page, and sometimes it gives the "invalid direct reference" error.
As mentioned above, the non-SSL normal form-based login works fine.
In IE6 it works fine too.
Rgds Adam
-- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
