I am developing an application using form-based uthorization in
Tomcat 4.0.3.
(My basic problem is that I want to log out, but until then I have another problem first..)
In my web.xml I have defined the login page:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.jsp</form-error-page>
</form-login-config>
</login-config>
The login page basically consist of the standard
<form name="loginForm" method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="password" name="j_password">
<input type="submit" value="Login Now">
</form>
It all works fine. When I try to access web-resource-collections protected by a security-constraint in web.xml I get redirected to login.jsp.
But if I go to login.jsp directly I get this strange behavior:
When entering correct user/pwd I get the error message "Apache Tomcat/4.0.3 - HTTP Status 400 - Invalid direct reference to form login page". But when entering an incorrect user/pwd I get send to the loginError.jsp page. Which means that at least the user/pwd get checked.
So can I or can't I link directly to the login.jsp page and perform a login? Any ideas?
/Steffen