I've been thru' most of the forum on this subject but I seem to be missing something fundamental. I've written a tiny app to test form-based-login as follows:
Login.jsp: calls j_security_check
jboss-web.xml: specifys login module in auth.conf
auth.conf: has sql for user authentication
web.xml: specifys protected URLs and roles. Also login page and error page.
After successful login I get error "invalid direct reference to form Login page". Where do I specify which HTML/JSP/Servlet to call after the login is successful?
ANy help will be appreciated. Relevent files attached.
nb: I'm using Jboss2.4.4 with Tomcat4.0.1.
ok, got the solution. Just realized that I should not call my Login.jsp directly but instead call some other 'welcome' jsp which should be protected. Then container calls the login.jsp and returns to 'welcome'when authenticated. Yep solved it all by myself!