JAAS form authentication with form page matching protected resources
Recently someone show me an application with a strange JAAS setting: using form authentication, they configured the login and error pages inside the protected resources, something like "
Does someone knows if this settings could generate some issues? Should not the login and error pages be outside the protected resources? What are the backdraws of that configuration?