-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rob,
Rob Hunt wrote:
> I have a form on a page that posts directly to j_security_check:
As others have pointed out, you can't do that.
If you use a separate authentication mechanism, you can. See the
securityfilter project (http://securityfilter.sou
David Smith wrote:
j_security_check should never be directly referenced. Clients should
be requesting a secured resource. Tomcat then saves the request and
forwards the client to the login page (specified in WEB-INF/web.xml)
which in turn submit's authentication information to
j_security_che
j_security_check should never be directly referenced. Clients should be
requesting a secured resource. Tomcat then saves the request and
forwards the client to the login page (specified in WEB-INF/web.xml)
which in turn submit's authentication information to j_security_check.
Then tomcat res
I have a form on a page that posts directly to j_security_check:
http://www.site.com/index.htm
https://secure.site.com/j_security_check";>
When the POST request is received by secure.site.com, it kicks back a 408
response code and this message:
"The time allowed for
