It works something like this in tomcat:
When you request a protected resource and you're not authenticated (either first time visit or previous session expired), a new session is created and the request (URL and query string if any) is saved in the session (in the part that internal to tomcat and not visible to webapp I believe). Then you're forwarded to the login page. After you put in your login credentials and the authentication is successful, the saved request is pulled out and you're redirected to the original requested resource.
If that session expired and thus the server couldn't find the saved request, you'll get that "Invalid direct reference to form login page" error.
This is part of the servlet spec and while I think it's a very nice idea, it doesn't work well if the request resource rely on some session objects which wouldn't be available with the new session.
On 8/1/2004 5:34 AM, Samuel V.Green III wrote:
With respect to " <user username="samuel" password="samuel" roles="tomcat,role1,manager,admin"/>
When I attempt a login at the Admin. Tool screen I'm entering UserName : samuel Password : samuel
I get the following errors: HTTP Status 400 - Invalid direct reference to form login page
And when examining localhost_log.2004-08-01.txt
I see these errors:
2004-08-01 04:20:52 StandardHost[localhost]: Error deploying application at context path null
java.lang.IllegalStateException: Context path /admin is already in use
2004-08-01 04:20:52 HostConfig[localhost] Error deploying configuration descriptor adminsample.xml
java.io.IOException: java.lang.IllegalStateException: Context path /admin is already in use
What do you mean by "properly configuring jsp support?" My jsp-examples page loads and works fine.
Thanks,
Samuel.
-- Dennis Dai [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]