>>>>> "Lisa" == Lisa van Gelder <[EMAIL PROTECTED]> writes:
Lisa> Here is the bit of my web.xml file that deals with login. The whole of my Lisa> app should be protected. Lisa> My code never redirects, it leaves all the authentication up to tomcat. Lisa> <security-constraint> Lisa> <web-resource-collection> Lisa> <web-resource-name>My Lisa> Application</web-resource-name> Lisa> <url-pattern>/*</url-pattern> Lisa> <http-method>POST</http-method> Lisa> <http-method>GET</http-method> Lisa> </web-resource-collection> Lisa> <auth-constraint> Lisa> <role-name>myUser</role-name> Lisa> </auth-constraint> Lisa> </security-constraint> Lisa> <login-config> Lisa> <auth-method>FORM</auth-method> Lisa> <form-login-config> Lisa> <form-login-page>/login/login.jsp</form-login-page> Lisa> <form-error-page>/login/login-failure.jsp</form-error-page> Lisa> </form-login-config> Lisa> </login-config> I believe this might be due to the fact that you've declared the "login" directory as part of the protected resource. Try creating a subdirectory of the application root where all the pages go, except for the login and error pages, then specify that subdirectory as your protected resource. -- =================================================================== David M. Karr ; Java/J2EE/XML/Unix/C++ [EMAIL PROTECTED] -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>