This is possibly a shot in the dark. But in your login.html page have you defined <FORM METHOD="POST"...>? Hope this helps. Thanks RS
"Anil Paul" <[EMAIL PROTECTED]> on 02/02/2002 10:58:32 AM Please respond to "Tomcat Users List" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] cc: Subject: Problem with POST and FORM based authentication Dear all, I am trying to apply a security contraint on POST requests to my servlet. I specifed it in my web.xml as: <security-constraint> <web-resource-collection> <web-resource-name>posttest</web-resource-name> <url-pattern>/servlet/TestServlet</url-pattern> <http-method>POST</http-method> </web-resource-collection> <auth-constraint>...</auth-constraint> <user-data-constraint>...</user-data-constraint> </security-constraint> I defined the login config as follows: <login-config> <auth-method>FORM</auth-method> <realm-name>testrealm</realm-name> <form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/error.html</form-error-page> </form-login-config> </login-config> Problem: When I send a POST request to TestServlet from the brower (by submitting a form), I get the login.html page as expected. However, when I submit the username/password , doGet of TestServlet is getting called instead of doPost()! To be sure that my settings are all right, I changed the login-config from FORM to BASIC, and everything worked fine. ie., after submitting the login page, doPost of the servlet is called. So, it's only with the FORM based authentication that there is a problem. I also tested this configuration on JRun and it also has the same issue. Can somebody please throw some light on it? May be I am not doing something right. Please help, Paul. _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>