Status 400 - Invalid direct reference to form login page The above error is generated when a user bookmarks the login page on an application server where container managed security is used.
Does anyone have an elegant way of dealing with this error? Putting a note on the login page saying, “Please don’t bookmark me.” is obviously inelegant. There does not seem to be a work around because j_security_check must be called from the container. All my attempts to call j_security_check directly failed. My attempts to create a filter also failed because I could not find a differentiator in the request between a “bad” call to the login page and a “good” call. I could force entry through an intermediate page by creating an error-page entry in the web.xml: <error-page> <error-code>400</error-code> <location>intermediatePage.jsp</location> </error-page> The intermediate page could have a link to a protected entry point (from which the container would call the login page). But, “Status 400” is a general bad request, not necessarily this specific bad request. Note: If your <location> is a protected resource and you forward a user to that location by creating an error-page reference in web-xml, the user will get to the protected page, but not be authenticated. It seems that authentication is only invoked when it comes through a browser not through a forward or redirect. Actually, it seems that the only answer is to junk the container managed security wired into Tomcat and use the SecurityFilter project at SourceForge or write my own. Any thoughts? __________________________________________________ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]