Thomas Strauß wrote: ...
We have not succeeded so far. I want to give you some more information what happens, the context.xml and the web.xml What we have changed versus the existing setup, working on 7.0.11 - We have moved the login.jsp into the protection domain (was outside before). This did not remove the issue. - We have changed the preemptiveAuthentication setting. This did not remove the issue. This is the flow through the system that we can see: Client sends request to /portal /portal is not protected /portal/jsp/main.jsp is welcome page and protected (see web.xml) portal context configures formauthentication on the protection domain Tomcat redirects/forwards incoming call to /jsp/login.jsp (protected resource)
I have not followed in the details, and maybe I am talking out of turn here, but isn't there a "loop" problem if the login.jsp page is itself protected ? (Like it will trigger the authentication, which will trigger a redirect to login.jsp, which will trigger the authentication, which will... etc.)
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
