I have set up a login form using JAAS and all login, and authentication is done properly and fine. The problem I have is this:
Scenario:
1. go to the login page
2. wait until the session ends (or for debug, stop and start tomcat).
3. once the the server is up
4. press the submit button on the login page - the action on the form is j_security_check
Now since (I think) the session ended, I get HTTP Status 400 - Invalid direct reference to form login page
and the url has changed to :j_security_check?j_username=myusername&j_password=mypassword
Configuration (web.xml):
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Fabrix Manager Application</realm-name>
<form-login-config>
<form-login-page>/login.fbx</form-login-page>
<form-error-page>/fail.jsp</form-error-page>
</form-login-config>
</login-config>
Login is done over ssl
Is there a way to solve this?
If the user just goes to the login page, and fills the values and then submits the page, there is no problem - this is only with we have timeout