The most basic way i see is to have a class with 3 static methods and one static field:: setMessage(), getMessage(), clearMessage()
private static ThreadLocal message = new ThreadLocal; ... message.set(theMessage); ... return (String)message.get(); your jaas would do a setMessage() and your error.jsp wouold do a getMessage() be carefull, this class must be visible to both you jaas and your webapp Vincent Delhommois a écrit : > >Thanks for the answer. You are right, I will check this solution with the >ThreadLocal pattern (i don't know at all). >I used the filter and the loginModule returns always 'true' beacuse it's not >easy to pass some messages 'wrong password', 'validity perdio expired', etc... >to the login.jsp in case of a wrong authentification. >Thanks >PS : Do you have any example of a solution with threadlocal ? > > > >>Message du 23/02/06 à 10h19 >>De : "David Delbecq" >>A : "Tomcat Users List" >>Copie à : >>Objet : Re: JAAS : HTTP 400 Invalid direct reference to form login ... (JAAS >>+ Filter + j_security_check) >> >>Login module should return false if not authenticated. If you need to >>store messages for the user, i'll suggest you pass them another way >>(like by using a ThreadLocal pattern) >> >>Vincent Delhommois a écrit : >> >> >> >>>Hello, I implements a solution with JAAS and userfilter on Tomcat. >>>the loginmodule return always 'true' eventhough the password is wrong. I do >>>that to be able to return detail error messages to the login.jsp. (I use the >>>role principal to display messages). >>>The filter is used to dispatch to the application pages or back to the >>>login.jsp page if the authentification failed. >>>The error : " Etat HTTP 400 - Référence directe à la form de connexion (form >>>login page) invalide " OR "HTTP 400 : Invalid direct reference to form login >>>..." is displayed when I first logon with a wrong password and then I relog >>>with the correct password. >>>It seems I didnot invalidate correctly the jaas or the session after the >>>failure. >>>Do you have any idea ? >>>Thanks >>> >>> >>> >>> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]