This mean you tried to access login form directly. This is not allowed in j2ee specifications. Access to login form should only be triggered by server on demand. You can't force a login. To access login page, simply put a link to saraf/index.html (simple example) Prashant Saraf a écrit :
>i have a problem in Tomcat & jsp >when i use j_security_check it gives me following error. >The request sent by the client was syntactically incorrect (Invalid direct >reference to form login page >why this so >my web.xml.... > ><?xml version=3D" 1.0" encoding=3D"ISO-8859-1"?> > > ><web-app xmlns=3D"http://java.sun.com/xml/ns/j2ee " > xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance " > xsi:schemaLocation=3D"http://java.sun.com/xml/ns/j2ee >http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd >" > version=3D" 2.4"> > > <description> > My first jsp example > </description> > <display-name>Work on Jsp</display-name> > > <security-constraint> > <display-name>TestApp Security Constraint</display-name> > <web-resource-collection> > <web-resource-name>Protected Area</web-resource-name> > <!-- Define the context-relative URL(s) to be protected --> > > <!-- If you list http methods, only those methods are protecte= >d >--> > <http-method>DELETE</http-method> > <http-method>GET</http-method> > <http-method>POST</http-method> > <http-method>PUT</http-method> > <url-pattern>/saraf/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <!-- Anyone with one of the listed roles may access this area >--> > <role-name>*</role-name> > </auth-constraint> > </security-constraint> > > <!-- Default login configuration uses form-based authentication --> > <login-config> > <auth-method>FORM</auth-method> > <realm-name>Form-Based Authentication</realm-name> > <form-login-config> > <form-login-page>/login.jsp</form-login-page> > <form-error-page>/error.jsp</form-error-page> > </form-login-config> > </login-config> > <!-- Security roles referenced by this web application --> ></web-app> > > >-- >Cup of Java + Suger of XML = Secure WebApp > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
