Index: jbossweb-2.1.13/java/org/apache/catalina/realm/RealmBase.java =================================================================== --- jbossweb-2.1.13/java/org/apache/catalina/realm/RealmBase.java (revision 2051) +++ jbossweb-2.1.13/java/org/apache/catalina/realm/RealmBase.java (working copy) @@ -45,7 +45,6 @@ import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.catalina.core.ContainerBase; -import org.apache.catalina.deploy.LoginConfig; import org.apache.catalina.deploy.SecurityConstraint; import org.apache.catalina.deploy.SecurityCollection; import org.apache.catalina.util.HexUtils; @@ -728,31 +727,6 @@ if (constraints == null || constraints.length == 0) return (true); - // Specifically allow access to the form login and form error pages - // and the "j_security_check" action - LoginConfig config = context.getLoginConfig(); - if ((config != null) && - (Constants.FORM_METHOD.equals(config.getAuthMethod()))) { - String requestURI = request.getRequestPathMB().toString(); - String loginPage = config.getLoginPage(); - if (loginPage.equals(requestURI)) { - if (log.isDebugEnabled()) - log.debug(" Allow access to login page " + loginPage); - return (true); - } - String errorPage = config.getErrorPage(); - if (errorPage.equals(requestURI)) { - if (log.isDebugEnabled()) - log.debug(" Allow access to error page " + errorPage); - return (true); - } - if (requestURI.endsWith(Constants.FORM_ACTION)) { - if (log.isDebugEnabled()) - log.debug(" Allow access to username/password submission"); - return (true); - } - } - // Which user principal have we already authenticated? Principal principal = request.getPrincipal(); boolean status = false;