It sends you the html form you specify in the <form-login-config> section of web.xml
See chapter 12 (Security) Appendix A (Deployment Descriptor) of Servlet Spec 2.3 for details. http://java.sun.com/products/servlet/download.html#specs Martin -----Original Message----- From: Malcolm Warren [mailto:[EMAIL PROTECTED] Sent: 01 April 2004 15:39 To: Tomcat Users List Subject: How does Tomcat manage Form-based authentication? With BASIC authorization, which I used to use, the browser was sent an "Authorization" header. This doesn't happen with FORM-based authorization. I believe Tomcat deals with it all, but how? Anybody know? --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
