All, My solution was to bypass it all together. I wanted to use that realm in order to enable single sign on for multiple webapps. After a week of struggling with problems exactly like you described, I finally gave up. After thinking for a few minutes I guessed (correctly) that single sign on after authentication can be accomplished easily by setting a cookie (which is what the catalina code does) since a cookie can easily survive between calls to different webapps. I had already had code in my servlet and jsp pages to check for a "logged In" object in the users session. I just modified it slightly to check for the cookie as well. It works great and I don't have any of the issues of redirecting to pages that come with using the form based authentication.
<mike/> -----Original Message----- From: Maxime Colas des Francs [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 11, 2002 8:43 AM To: Tomcat Users List Subject: HTTP 404 on j_security_check Hi I use a Form based authentification in web.xml : [...] <login-config> <auth-method>FORM</auth-method> <realm-name>Authentication Area</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/login_failed.jsp</form-error-page> </form-login-config> </login-config> [...] in login.jsp : [...] <form method="GET" action="j_security_check"> <input type="text" name="j_username"> <input type="password" name="j_password"> </form> [...] authentification works great but after, if i click on the "Back" button of my browser to go back on the login page and i try the authentification again, Tomcat launch a HTTP 404 error on /j_security_check (page refresh don't change anything) in access.log (i protect /pages/* and login form is in /login.jsp): 10.20.0.7 - - [10/Sep/2002:11:01:15 -0500] "GET /pages/home.jsp HTTP/1.1" 302 764 10.20.0.7 - - [10/Sep/2002:11:01:15 -0500] "GET /login.jsp HTTP/1.1" 200 7070 10.20.0.7 - - [10/Sep/2002:11:01:21 -0500] "GET /j_security_check?j_username=bob&j_password=bob HTTP/1.1" 302 764 10.20.0.7 - bob [10/Sep/2002:11:01:23 -0500] "GET /pages/home.jsp HTTP/1.1" 200 5018 here, all is ok , i'm authentified as bob (i think that 302 HTTP return code is a good thing ? servlet redirection ??) now i click on back button and attempt to re-authentifiate bob and ... 10.20.0.7 - bob [10/Sep/2002:11:01:29 -0500] "GET /j_security_check?j_username=bob&j_password=bob HTTP/1.1" 404 734 404 error ... Do you have a solution ? Thanks a lot. (bilingue english/french) -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>