Thanks for the answer. You are right, I will check this solution with the
ThreadLocal pattern (i don't know at all).
I used the filter and the loginModule returns always 'true' beacuse it's not
easy to pass some messages 'wrong password', 'validity perdio expired', etc...
to the login.jsp in case of a wrong authentification.
Thanks
PS : Do you have any example of a solution with threadlocal ?
> Message du 23/02/06 à 10h19
> De : "David Delbecq"
> A : "Tomcat Users List"
> Copie à :
> Objet : Re: JAAS : HTTP 400 Invalid direct reference to form login ... (JAAS
> + Filter + j_security_check)
>
> Login module should return false if not authenticated. If you need to
> store messages for the user, i'll suggest you pass them another way
> (like by using a ThreadLocal pattern)
>
> Vincent Delhommois a écrit :
>
> >Hello, I implements a solution with JAAS and userfilter on Tomcat.
> >the loginmodule return always 'true' eventhough the password is wrong. I do
> >that to be able to return detail error messages to the login.jsp. (I use the
> >role principal to display messages).
> >The filter is used to dispatch to the application pages or back to the
> >login.jsp page if the authentification failed.
> >The error : " Etat HTTP 400 - Référence directe à la form de connexion (form
> >login page) invalide " OR "HTTP 400 : Invalid direct reference to form login
> >..." is displayed when I first logon with a wrong password and then I relog
> >with the correct password.
> >It seems I didnot invalidate correctly the jaas or the session after the
> >failure.
> >Do you have any idea ?
> >Thanks
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
