On 10/15/2003 10:32 AM Remy Maucherat wrote:
>> With this security:
>>
>>   <web-resource-collection>
>>     <web-resource-name>SSL 4 Login</web-resource-name>
>>     <url-pattern>/login.do</url-pattern>
>>   </web-resource-collection>
>>   <auth-constraint>
>>     <role-name>user</role-name>
>>     <role-name>admin</role-name>
>>   </auth-constraint>
>>   <user-data-constraint>
>>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>   </user-data-constraint>
>>
>> when I try to login to my login.do mapping, in mozilla I get repeated
>> login requests from tomcat. The first time twice only, the 2nd time 5
>> times, 3rd time 10 times etc etc.
>>
>> I can see from my logging that the realm login is successful, but
>> tomcat keeps giving the login page as stated.
>>
>> This does not happen in IE6 or lynx, in which the login works as normal.
>>
>> Has anybody else experienced this?
>
>
> Did you get correctly switched to SSL mode ?
>

Yes. I have reduced the webapp to a minimum and bundled it in a war at
http://www.cyberspaceroad.com/test.war (right click it & "save target
as...") if you want to see what I'm doing. It contains the struts.jar
and is therefore 0.85MB. If you don't have broadband I can bundle it
without the jars too.

Sometimes the ssl form-based authentication loops on the login page, and
sometimes it gives the "invalid direct reference" error.

As mentioned above, the non-SSL normal form-based login works fine.

In IE6 it works fine too.

Rgds
Adam

--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)