If FORM authentication only works after encoding the URL then the
browser is probably rejecting the cookie (JSessionId) that is normally
used to maintain a session.
If this is the case then every link should also be encoded.
Actually, this is good practice anyway (encodeURL does nothing if
cookies ARE being used to maintain state).
If Tomcat can't use cookies and the URL isn't encoded there is no way
for session info to be retained between requests and a new
(unauthenticated) session is started. This seems to be what you see when
you hit test2.jsp.
HTH,
Jon
Søren Blidorf wrote:
> I have made a new installation of Tomcat 4.1.29 on my new DELL laptop
> running XP.
>
> I have copied the project to the new laptop and try to set it up to work
> as on my work machine.
>
> I am not able to get the login to work. I am using the
> <security-constraint> in my web.xml.
>
> At first I could not get the FORM login to work, only BASIC. Then I
> changed the FORM action to <%= response.encodeURL("j_security_check") %>,
> and I was able to use FORM login.
>
> The next problem is that the auth is only accepted for the page that
> activated the FORM page. For example <url-pattern>/public/*</url-pattern>
> contains test.jsp and test2.jsp and when I link to test.jsp the FORM page
> is called. When successfully logged in the request.getRemoteUser() is
> correct. But when I then link from there to test2.jsp the
> request.getRemoteUser() is NULL and the FORM page is called again.
>
> If you have any ideas that will get me in the right direction, please
> let me know.
>
> BR.
>
> Soren
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
> For additional commands, e-mail: tomcat-user-help@(protected)
>
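
A way to confirm the diagnosis in the reply above, as an added example that is not code from the thread: a JSP placed under the protected /public/* pattern that reports how the session id reached the server and offers the link to test2.jsp both encoded and plain. The file names follow the original post; the page layout and the `esc` helper are assumptions made for this example.

```jsp
<%-- test.jsp: added diagnostic example, not part of the original project. --%>
<%@ page session="true" %>
<%!
    // Hypothetical helper: minimal HTML escaping so the user name is
    // never written into the page as markup.
    private static String esc(String s) {
        if (s == null) return "(null)";
        StringBuffer out = new StringBuffer();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }
%>
<html>
<body>
<h3>Session tracking check</h3>
<ul>
  <li>Remote user: <%= esc(request.getRemoteUser()) %></li>
  <li>Session is new: <%= session.isNew() %></li>
  <li>Requested session id valid: <%= request.isRequestedSessionIdValid() %></li>
  <%-- true only if the browser sent the session cookie back --%>
  <li>Id arrived in cookie: <%= request.isRequestedSessionIdFromCookie() %></li>
  <%-- true if the id came from a rewritten URL (;jsessionid=...) --%>
  <li>Id arrived in URL: <%= request.isRequestedSessionIdFromURL() %></li>
</ul>

<%-- encodeURL appends the session id only when the container cannot
     confirm that cookies are in use; otherwise it returns the URL unchanged. --%>
<p><a href="<%= response.encodeURL("test2.jsp") %>">test2.jsp (encoded link)</a></p>

<%-- Plain link: without the cookie the session id is lost on this hop. --%>
<p><a href="test2.jsp">test2.jsp (plain link)</a></p>
</body>
</html>
```

If "Id arrived in cookie" stays false after login and only the encoded link keeps `getRemoteUser()` populated on test2.jsp, the browser is not returning the session cookie.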