Hello, I implements a solution with JAAS and userfilter on Tomcat.
the loginmodule return always 'true' eventhough the password is wrong. I do
that to be able to return detail error messages to the login.jsp. (I use the
role principal to display messages).
The filter is used to dispatch to the application pages or back to the
login.jsp page if the authentification failed.
The error : " Etat HTTP 400 - Référence directe à la form de connexion (form
login page) invalide " OR "HTTP 400 : Invalid direct reference to form login
..." is displayed when I first logon with a wrong password and then I relog
with the correct password.
It seems I didnot invalidate correctly the jaas or the session after the
failure.
Do you have any idea ?
Thanks
