raj wrote: >> The user-experience stays the same: When the user access any url in >> the protected area, the login page will pop up and after he provides >> correct information he will be directed to the page he requested. >> For Tomcat 3, just make sure the login page is outside the protected >> area, for tomcat 4 it does not matter. >> >> Luc Vanlerberghe >> > > Hi Luc, > > I tried form based login by just disabling BASIC and adding FORM (as > below) to my web.xml file: > <login-config> > <!-- > <auth-method>BASIC</auth-method> > --> > <realm-name>ClaroLogic</realm-name> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/LoginForm.html</form-login-page> > <form-error-page>/LoginError.html</form-error-page> > </form-login-config> > </login-config> > > But I end up getting a 404 error always (with the browser URL reading: > http://192.168.0.20/testservlet/j_security_check) > > I tried putting LoginForm.html and LoginError.html at the webapps > level (and chaged the web.xml) as below: > > <form-login-config> > <form-login-page>/../LoginForm.html</form-login-page> > <form-error-page>/../LoginError.html</form-error-page> > </form-login-config> > > But now I get the 404 error with the URL reading > (http://192.168.0.20/j_security_check). > > > Aaaarrrrgggghhh! > > Tomcat version is 3.2.3. Any ideas/suggestions would be gratefully > gobbled. I cannot use 4.0 because > Cloudscape (the D/base) does not work with 4.0. > > Aaaarrrrgggghhh! (again) > > Cheers > -raj > The login page should be in your webapp, but outside the protected area. If you are using an apache/tomcat combination, make sure apache sends the "j_security_check" to tomcat and not only *.jsp
Luc