Progress!! I can now login but after I do, I get sent to the loginPage.jsp again. But if i backup from there and reload i can see i'm logged in and can even load saved games.
I know I try some tricky redirect after logs stuff but it also worked fine on tomcat. but thats my best guess now as to whats still wrong.
Here is what my web.xml file looks like now:
<security-constraint> <display-name>Logged in jsp</display-name>
<web-resource-collection>
<web-resource-name>Loggedinjsp</web-resource-name><description/>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/loggedin.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint><description/>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>member</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>LoginviaGET</web-resource-name><description/>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/login.do</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<description/>
<role-name>member</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Anydo</web-resource-name>
<description/>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>*.do</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<description/>
<role-name>member</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>jdbc/wonderland/realm</realm-name>
<form-login-config>
<form-login-page>/loginPage.jsp</form-login-page>
<form-error-page>/loginError.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description />
<role-name>member</role-name>
</security-role>
<security-role>
<description />
<role-name>admin</role-name>
</security-role>
[Message sent by forum member 'cal41' (calgach_at_yahoo.ca)]
http://forums.java.net/jive/thread.jspa?messageID=381371