favicon.ico 404

Favicons are small (16x16 or 32x32 pixels) page icons displayed in the browsers addressbar or your favorites listings (hence: favorites icon). Most modern browsers support favicons and therefore send a http request for either /facicon.ico or whatever is specified in the <link rel="icon"...> tag specified in the header of the page. If the favicon.ico file does not exist browsers show a standard icon and ignore error responses from the server. Simlarly many web servers filter favicon related error messages to keep their error logs readable.

If the favicon.ico file resides in a protected directory (which is likely if the context root is protected) browsers get confused and display a resource not found (404 ) error message. When a browser is pointed to http://somehost.com/ it requests the favicon file /favicon.ico. However since / is protected the browser is redirected to the login page. After specifying the correct login and password, the favicon is loaded and shown - but not the content of / (e.g. index.html).

To solve the problem save the favicon file in a public context or specifically allow access to the file. For example:

<security-constraint>
<web-resource-collection>
<web-resource-name>restricted</web-resource-name>
<url-pattern>/public/favicon.ico</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
</security-constraint>

Then in the header of the login page specify the location of the icon file
<link rel="icon" href="public/favicon.ico" />
<link rel="shortcut icon" href="/public/favicon.ico" />