Follow the Tomcat [tag:tomcat]'s tutorial for form-based authentication, I've tried it out in localhost.
My purpose is to protect /lvyouzaike/admin/* I've mapped the domain name www.lyzk.org to $(TomcatPath)/webapps/lvyouzaike directory. I aim to let login.jsp shown when I type http://www.lyzk.org/admin/index.jsp, suppose index.jsp is one of the files to be protected.
Next I post related files.
majority code of web.xml
context.xml under $(TomcatPath)/lvyouzaike/META-INF
related code of server.xml under $(TomcatPath)/conf
login.jsp under $(TomcatPath)/lvyouzaike
index.jsp under $(TomcatPath)/lvyouzaike/admin where I wanna protect
Notice that in localhost everything runs well: when I type "localhost/admin/index.jsp", the login page is shown and I have to log on with correct name and password. Yet when I input "http://www.lyzk.org/admin/index.jsp", it is there directly without the expected appearance of login.jsp.
So what's the problem? Thanks a lot for your help.
I don't think you're supposed to do an encodeURL on the form doing the j_security_check. The J2EE container login/loginfail forms do not have their own URLs, but are managed entirely by the Tomcat server.
Also, if you define a Context in tomcat's server.xml, it should completely override all elements of a context defined in the WAR it references. The WAR META-INF/context.xml is only used when there's no explict server-defined context.
An IDE is no substitute for an Intelligent Developer.