Dear all, I've installed tomcat4.0 and a simple website used for testing authentication (JNDI Realm). I have the following problem. The authentication (against LDAP) works fine. I'm redirected to the index.htm page (simple main page). But when I press the back button and go back to the login page and try to login again, I get the following error message (this does NOT happen when I explicitly logout (session.invalidate()) before). Does anyone know whether this is a config error from my side or a bug in tomcat? I prefer a declarative authentication above a programmatic authentication.
Error message: Apache Tomcat/4.0.3 - HTTP Status 404 - /login/j_security_check type Status report message /login/j_security_check description The requested resource (/login/j_security_check) is not available. I'm using the following data : ==> website structure tomcat4.0 /conf /server.xml /webapps /TestLogin /WEB-INF /web.xml /index.htm /login /login.jsp ==> server.xml (Realm setup): <Context path="/TestLogin" docBase="TestLogin" debug="99" reloadable="true" useNaming="true"> <Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldap://localhost:389" connectionName="cn=Directory Manager" connectionPassword="mypwd" debug="99" roleBase="ou=Accounts,dc=mycompany,dc=com" roleName="cn" roleSearch="(eeuniquemember={0})" roleSubtree="false" userPattern="cn={0},ou=Members,dc=mycompany,dc=com" userPassword="userPassword" /> </Context> ==> web.xml <web-app> <welcome-file-list> <welcome-file>index.htm</welcome-file> </welcome-file-list> <security-constraint> <web-resource-collection> <web-resource-name></web-resource-name> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <description></description> <role-name>4</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login/login.jsp</form-login-page> <form-error-page>/login/login.jsp</form-error-page> </form-login-config> </login-config> <security-role> <role-name>4</role-name> </security-role> </web-app> ==> login.jsp page <html> <head> <title>Login</title> <% if (request.getParameter("mode") != null) { session.invalidate(); } %> <body bgcolor="white"> <form method="POST" action='j_security_check' > <table border="0" cellspacing="5"> <tr> <th align="right">Username:</th> <td align="left"><input type="text" name="j_username"></td> </tr> <tr> <th align="right">Password:</th> <td align="left"><input type="password" name="j_password"></td> </tr> <tr> <td align="right"><input type="submit" value="Log In"></td> <td align="left"><input type="reset"></td> </tr> <tr> <td align="right"><a href="http://localhost:8080/TestLogin/login/login.jsp?mode=logout">Log Out</a></td> <td align="left"> </td> </tr> </table> </form> </body> </html> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>