If you're using form-based authentication in your Tomcat Application - you might've seen this error before:
Well, the good news is - I figured out how to get around this today. Basically, it's caused when someone tried to go directly to your <form-login-page> to login, rather than a protected resource.
I use my index.jsp (welcome-file-list) page to do a redirect to a projected resource:
index.jsp -------- <%@ taglib uri="/WEB-INF/struts-logic.tld" prefix="logic" %> <logic:redirect page="/do/mainMenu"/%gt;
So I merely added the error-page declaration below to my web.xml, and whalla - no more error message!
<error-page> <!-- 400 code is from trying to go directly to login.jsp --> <error-code>400</error-code> <location>/index.jsp</location> </error-page>