Mike Slinn wrote:
> Message-ID: <[EMAIL PROTECTED]>
>
> I read in org.apache.tomcat.request.JDBCRealm.java that the proper URI
> should be "/j_security_check", and that if the preceeding "/" is not
> present, or if another path is prepended, the path is normalized to
> "/j_security_check".
>
If that comment is there (I'm offline at the moment and cannot check),
then it
is wrong. The servlet 2.2 spec *requires* that the URL be
"j_security_check"
without any leading slash or path information.
>
> If this URI is recognized, and the path requires security handling,
> JDBCRealm.java then prepares a SQL statement to query the database, using
> the information specified in the JDBC <RequestInterceptor> in server.xml.
>
> Now, if only I could get it to trigger...
>
Have you tried the standard example application? It has a page
protected by
form-based authentication at:
http://localhost:8080/examples/jsp/security/protected
You will note that the user *never* references the form login page
directly --
it is only referenced by the container, the first time a user tries to
access a
protected area.
>
> Mike
>
Craig McClanahan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
