Hi,
I am developing a JSF application using SSL. Everything works fine without SSL, but when I turn on SSL (certificate ok and everything) the form authentiaction no longer tells me when I enter a wrong user/pass combination. That is the redirect to the form-error-page does not work, it simply reloads the login URL with j_security_check at the end.
The application as a whole works like a charm (traffic is encrypted, padlock si displayed in browsers, etc.), but the login problem really bothers me.
From what I understand, it is a bug in Glassfish, but is there a workaround other than turning off SSL?
Thank you
---------------excerpt from my web.xml:
<security-constraint>
<display-name>SSL Constraint</display-name>
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>ERROR</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
[Message sent by forum member 'xkelt' (petr.svestka_at_gmail.com)]
http://forums.java.net/jive/thread.jspa?messageID=379551