Sahoo
Thanks for pointing my mistake out for me! Unfortunately this has not fixed the problem. In the meantime I've tried moving the logon jsp to a directory called secure off the server root, then mapping everything in that directory with with transport-guarantee CONFIDENTIAL (see below). Still no success. Any ideas?
Cheers
Spencer
<security-constraint>
<display-name>secure constraint</display-name>
<web-resource-collection>
<web-resource-name>secure pages</web-resource-name>
<description>SSL protected pages</description>
<url-pattern>/secure/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>File</realm-name>
<form-login-config>
<form-login-page>/secure/logon.jsp</form-login-page>
<form-error-page>/secure/logon-error.jsp</form-error-page>
</form-login-config>
</login-config>
[Message sent by forum member 'spencerthomo' (spencerthomo)]
http://forums.java.net/jive/thread.jspa?messageID=241422