Login module should return false if not authenticated. If you need to
store messages for the user, i'll suggest you pass them another way
(like by using a ThreadLocal pattern)

Vincent Delhommois a écrit :

>Hello, I implements a solution with JAAS and userfilter on Tomcat.
>the loginmodule return always 'true' eventhough the password is wrong. I do 
>that to be able to return detail error messages to the login.jsp. (I use the 
>role principal to display messages).
>The filter is used to dispatch to the application pages or back to the 
>login.jsp page if the authentification failed.
>The error : " Etat HTTP 400 - Référence directe à la form de connexion (form 
>login page) invalide " OR "HTTP 400 : Invalid direct reference to form login 
>..." is displayed when I first logon with a wrong password and then I relog 
>with the correct password.
>It seems I didnot invalidate correctly the jaas or the session after the 
>failure.
>Do you have any idea ?
>Thanks
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to