I have the following in my web.xml and it works fine for me on 5.0.4: <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/login.jsp?error=true</form-error-page> </form-login-config> </login-config>
A couple changes that I've noticed though: When I'm routed to the login page, the browser's address bar says the URL I requested, rather than "/login.jsp" - very cool! Also, I found that request.getRequestURL() does show me the page I requested. This was not the case in 4.1.24. This is awesome IMO b/c now users will not bookmark "/login.jsp". And even if they do type it in (ctx/login.jsp), my 400 error page routes them to "index.jsp" which goes to the main menu. All of this did not work in 4.1.24 and now it does in 5.0.4. Happy day. Matt -----Original Message----- From: Oleg S. Estehin [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 23, 2003 8:39 AM To: [EMAIL PROTECTED] Subject: Tomcat 5.0.4 fails to serve form-login-error page properly Hi I am porting my application from Tomcat 4.1.24 to Tomcat 5.0.4 (i.e. porting from Servlets 2.3/JSP 1.2 to Servlets 2.4/JSP 2.0). I have a servlet mapped to "/auth" that produces the page with login form. Form based authentication is set with the following fragment of the deployment descriptor: <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/auth</form-login-page> <form-error-page>/auth?action=error</form-error-page> </form-login-config> </login-config> When the servlet is called with "?action=error" query string it displays additional warning besides the login form. It was working perfectly in Tomcat 4.1.24 but it works in Tomcat 5.0.4 only in half: When user tries to access protected page he is presented with login page. If he enters valid login/password then he receives access to the resourse. But if the user enters invalid login/password then instead of form-error-page Tomcat displays "HTTP Status 405 - HTTP method POST is not supported by this URL" error with URL "http://myhost.here/j_security_check". I have tried to set up AccessLogValve and RequestDumpValve and to set debug attribute on every element in servlet.xml and my context.xml (where applicable) in order to try to understand what is going on inside Tomcat 5, but no luck so far - request damp just shows that 1) there was request to protected resourse 2) Tomcat returned form-login-page 3) user sent it back with invalid login/password 4) Tomcat returned error 405. I had expected that there should be output from Realm between 3) and 4) but there is not. So, at the moment the conclusion is that the code that worked perfectly in Tomcat 4.1.24 doesn't work in Tomcat 5.0.4 and i don't know why but i would be delighted if somebody will help me to find this out :) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]