Ben, I'm not sure but I believe that I've seen mention that you can forward to a page that is not accessible to the outside. That is, put the Login.jsp page within WEB-INF of your web app and it will not be available to the outside world but you can forward to it from inside the web app.
I don't know if this will work because I have not tried it but it might. Brett ----- Original Message ----- From: "Ben Jessel" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, December 16, 2002 11:14 AM Subject: Workaround for login page direct reference > Hi, > I've got a realm set up on Tomcat. It works fine - whenever I go to a > protected page, I am forwarded to the login.jsp page. > However, if I go to the login.jsp page directly and fill in my details I get > "Invalid direct reference to form login page". not surprising really as > tomcat would get itself into an endless cycle. > > Now what are the strategies for hiding this page, so a hapless user who goes > directly to the login page and enters his details doesn't get this message. > I'd want to forward them onto the index page. Any ideas? Would I explicity > bar the request of the requesting of the login page using my web server?..I > doubt it, as I reckon tht the realm probably uses a sendRedirect(). I guess > that I could check the refering page...hmm dunno...any ideas? > > Thanks > > -b > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>