Login module should return false if not authenticated. If you need to store messages for the user, i'll suggest you pass them another way (like by using a ThreadLocal pattern)
Vincent Delhommois a écrit : >Hello, I implements a solution with JAAS and userfilter on Tomcat. >the loginmodule return always 'true' eventhough the password is wrong. I do >that to be able to return detail error messages to the login.jsp. (I use the >role principal to display messages). >The filter is used to dispatch to the application pages or back to the >login.jsp page if the authentification failed. >The error : " Etat HTTP 400 - Référence directe à la form de connexion (form >login page) invalide " OR "HTTP 400 : Invalid direct reference to form login >..." is displayed when I first logon with a wrong password and then I relog >with the correct password. >It seems I didnot invalidate correctly the jaas or the session after the >failure. >Do you have any idea ? >Thanks > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]