form based login with LDAP

hi
we are developing an application that should authenticate registered users
we use WIN2K/was AE 4.0.1/IBM SecureWay
the ldap seems to be ok, as we can look up entries from the admin console
when i try to request a protected resource on the site i am redirected to the login.jsp file as it is in the specification
now if i enter a wrong userID/pwd pair i am forwarded to the error.jsp file
almost perfect:
if i enter a valid user/pwd then either i am redirected to a directory list of the app!!
or nothing at all happens
the web.xml file is:

<code>
<?xml version="1.0" encoding="UTF-8"?>
< !DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">;
<web-app id="WebApp_ID">
<display-name>aik4.0</display-name>
<servlet id="Servlet_1">
<servlet-name>ForumManager</servlet-name>
<display-name>ForumManager</display-name>
<servlet-class>hu.iface.aik.ForumManager</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping id="ServletMapping_1">
<servlet-name>ForumManager</servlet-name>
<url-pattern>/forum/ForumManager</url-pattern>
</servlet-mapping>
<session-config id="SessionConfig_1">
<session-timeout>15</session-timeout>
</session-config>
<welcome-file-list id="WelcomeFileList_1">
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<security-constraint id="SecurityConstraint_1">
<web-resource-collection id="WebResourceCollection_1">
<web-resource-name>Protected</web-resource-name>
<url-pattern>/protected/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint id="AuthConstraint_1">
<description>AIK security:+:AIK regisztrált ügyfél</description>
<role-name>registered</role-name>
</auth-constraint>
<user-data-constraint id="UserDataConstraint_1">
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config id="LoginConfig_1">
<auth-method>FORM</auth-method>
<form-login-config id="FormLoginConfig_1">
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role id="SecurityRole_1">
<description>AIK regisztrált ügyfél</description>
<role-name>registered</role-name>
</security-role>
</web-app>
</code>

hi
sorry the web.xml again:
any help would be appreciated
<?xml version="1.0" encoding="UTF-8"?>
< !DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">;
<web-app id="WebApp_ID">
<display-name>aik4.0</display-name>
<servlet id="Servlet_1">
<servlet-name>ForumManager</servlet-name>
<display-name>ForumManager</display-name>
<servlet-class>hu.iface.aik.ForumManager</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping id="ServletMapping_1">
<servlet-name>ForumManager</servlet-name>
<url-pattern>/forum/ForumManager</url-pattern>
</servlet-mapping>
<session-config id="SessionConfig_1">
<session-timeout>15</session-timeout>
</session-config>
<welcome-file-list id="WelcomeFileList_1">
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<security-constraint id="SecurityConstraint_1">
<web-resource-collection id="WebResourceCollection_1">
<web-resource-name>Protected</web-resource-name>
<url-pattern>/protected/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint id="AuthConstraint_1">
<description>AIK security:+:AIK regisztrált ügyfél</description>
<role-name>registered</role-name>
</auth-constraint>
<user-data-constraint id="UserDataConstraint_1">
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config id="LoginConfig_1">
<auth-method>FORM</auth-method>
<form-login-config id="FormLoginConfig_1">
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role id="SecurityRole_1">
<description>AIK regisztrált ügyfél</description>
<role-name>registered</role-name>
</security-role>
</web-app>

There were serveral issues with form login in the early versions of WS 4. Upgrade to WS 4.5 and try again. I know that 4.0.2 and 4.0.4 do NOT work.