Thanks for that - but what it describes is what I have done, I think. The problem is:
If you have the servlet definitions and mappings, the page isn't found - Since they are JSPs above web-inf in the context folder I think they don't need them. If you don't have the mappings then you get: "HTTP Status 400 - Invalid direct reference to form login page" - with a correct pw/un org.apache.catalina.authenticator.FormAuthenticator authenticate WARNING: Unexpected error forwarding to error page java.lang.NullPointerException with incorrect un/pw i.e. FormAuthenticator cannot forward to say the error page Chris ----- Original Message ----- From: "Goel, Manish Kumar" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Tuesday, December 21, 2004 2:26 PM Subject: RE: FORM based authentication config Hi, see this this might help you http://www.webservertalk.com/message633890.html cheers Manish -----Original Message----- From: Chris Chappell [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 7:45 PM To: Tomcat Users List Subject: FORM based authentication config Hi I'm having trouble getting form based authentication to work. Any help much appreciated. I'm missing something simple I'm sure. (TC 5.0.19, W2K, Mysql4) I am using a JDBC Realm which works fine with BASIC auth. After changing to FORM and try http://127.0.0.1:8080/MyApp/security/protected/login.jsp I get: The requested resource (/MyApp/security/protected/login.jsp) is not available. To set this up I copied the files from the JSP examples - login.jsp, error.jsp in folders \security\protected to \MyApp\security\protected\ I copied web.xml parts: <servlet> <servlet-name>org.apache.jsp.security.protected_.error_jsp</servlet-name> <servlet-class>org.apache.jsp.security.protected_.error_jsp</servlet-class> </servlet> <servlet> <servlet-name>org.apache.jsp.security.protected_.index_jsp</servlet- name> <servlet-class>org.apache.jsp.security.protected_.index_jsp</servlet-class> </servlet> <servlet> <servlet-name>org.apache.jsp.security.protected_.login_jsp</servlet-name> <servlet-class>org.apache.jsp.security.protected_.login_jsp</servlet-class> </servlet> and mappings <servlet-mapping> <servlet-name>org.apache.jsp.security.protected_.error_jsp</servlet-name> <url-pattern>/security/protected/error.jsp</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>org.apache.jsp.security.protected_.index_jsp</servlet-name> <url-pattern>/security/protected/index.jsp</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>org.apache.jsp.security.protected_.login_jsp</servlet-name> <url-pattern>/security/protected/login.jsp</url-pattern> </servlet-mapping> with <security-constraint> <web-resource-collection> <web-resource-name>Calendar</web-resource-name> <url-pattern>/Calendar</url-pattern> <!-- ...more... --> </web-resource-collection> <auth-constraint> <role-name>user</role-name> <role-name>admin</role-name> <role-name>sysadmin</role-name> </auth-constraint> </security-constraint> and configured <login-config> <auth-method>FORM</auth-method> <realm-name>MyApp</realm-name> <form-login-page>/security/protected/login.jsp</form-login-page> <form-error-page>/security/protected/error.jsp</form-error-page> </login-config> Chris **************************************************************************** ******* Information contained in this email message is intended only for use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify the [EMAIL PROTECTED] and destroy the original message. **************************************************************************** ********** --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]