My web.xml declares a requirement for form based authentication.
When a user attempts to access the protected resource, the user is presented with my login page as expected. However, once a valid name and password are entered and submitted, the error "HTTP Status 400 - Invalid direct reference to form login page" is received.
I've read about how it is possible to get this message if you attempt to access the login page directly - but this is not my case. Can someone explain why I receive this message.
I'm using
Struts 1.1
Tomcat 5.0.18 with IE6.
In my web.xml I have
<security-constraint>
<web-resource-collection>
<web-resource-name>Administrative</web-resource-name>
<!-- The URLs to protect -->
<url-pattern>/modifyOrder.do</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- The authorized users -->
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Form Authentication Area</realm-name>
<form-login-config>
<form-login-page>/WEB-INF/pages/login.htm</form-login-page>
<form-error-page>/WEB-INF/pages/errorpage.html</form-error-page>
</form-login-config>
</login-config>
[ March 09, 2004: Message edited by: Rich Smyth ]
[ March 09, 2004: Message edited by: Rich Smyth ]