Do you have something like
<login-config> <auth-method>FORM</auth-method> <realm-name>mbi</realm-name> <form-login-config> <form-login-page>/faces/Login.jsp</form-login-page> <form-error-page>/faces/LoginError.jsp</form-error-page> </form-login-config> </login-config>
in web.xml ?
No I don´t have a form login in this webapp.
This problem is really bothering me. I have posted a similar message in the jakarta.tomcat mailing list, but no one seem to hava a solution.
I haven't tried it yet (dont´t know if it should work anyway), but I think maybe I have to put a security domain around the application and enforce all communication to SSL that way??
Ok, I solved it. Yeeeeehaa!! ;)
The trick was to add another url-pattern for the root context. One would think that the <url-pattern>/*</url-pattern> would suffice but it needs to be specified as <url-pattern>/</url-pattern> to work.
Best of luck to you all