I've set up a test case for a user that is successfully authenticated but that is not authorized by the security-constraint to access a servlet. I've tested other form-based login behavior and got the expected results. Accessing a page requiring authentication redirects to form-login-page, invalid credentials to form-error-page, valid credentials for an authorized user to the initial target.
However, when I provide valid credentials for a user that is not authorized, I get an HTTP Status 403 back. Other container managers I've used direct to form-login-page in this situation. What can I do to intercept this condition and redirect to a page of my choosing? I'm using JBoss 4.0.2 and the LdapLoginModule. Again, everything works except for this condition. Excerpts from web.xml and ldif follow. The usera gets in fine, userb gets a status 403.

<<<<---- cut - part of web.xml - begin ---->>>>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>unprotected resources</web-resource-name>
    <url-pattern>/login_placeholder.jsp</url-pattern>
    <url-pattern>/error_placeholder.jsp</url-pattern>
  </web-resource-collection>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>protected resources</web-resource-name>
    <url-pattern>/welcome_placeholder.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>authRole</role-name>
  </auth-constraint>
</security-constraint>

<!-- The Usual Welcome File List -->
<welcome-file-list>
  <welcome-file>/welcome_placeholder.jsp</welcome-file>
</welcome-file-list>

<login-config>
  <realm-name>realm</realm-name>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login_placeholder.jsp</form-login-page>
    <form-error-page>/error_placeholder.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>authRole</role-name>
</security-role>
<<<<---- cut - part of web.xml - end ---->>>>

<<<<---- cut - part of LDIF - begin ---->>>>
dn: uid=usera,ou=people,dc=acorp,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: usera
mail: [EMAIL PROTECTED]
cn: Authorized User
sn: User
userpassword: {SSHA}/J+00NUgSWm/iM1KIiR2GuR+E+ugezfz

dn: uid=userb,ou=people,dc=acorp,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: userb
mail: [EMAIL PROTECTED]
cn: Nonauthorized User
sn: User
userpassword: {SSHA}XYOUSJ7BcSHQ+5viFT8Zzoo6Mb3dGoLn

dn: cn=authRole,ou=roles,dc=acorp,dc=com
changetype: add
objectclass: top
objectclass: groupofuniquenames
cn: authRole
description: Group of users with access to app
uniqueMember: uid=usera,ou=people,dc=acorp,dc=com
<<<<---- cut - part of LDIF - end---->>>>

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3923500#3923500
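
The authenticated-but-unauthorized case described in the post, as an added example that is not part of the original message: a Python check that cross-references the auth-constraint roles in web.xml with the uniqueMember entries in the LDIF and lists the users who can log in yet would receive the 403. The inline inputs are trimmed, constructed copies of the excerpts; the function names, the un-namespaced web.xml and the rule that users are the entries under ou=people are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, trimmed from the web.xml and LDIF excerpts in the post.
WEB_XML = """<web-app>
<security-constraint><web-resource-collection>
  <url-pattern>/login_placeholder.jsp</url-pattern>
  <url-pattern>/error_placeholder.jsp</url-pattern>
</web-resource-collection></security-constraint>
<security-constraint><web-resource-collection>
  <url-pattern>/welcome_placeholder.jsp</url-pattern>
</web-resource-collection>
<auth-constraint><role-name>authRole</role-name></auth-constraint>
</security-constraint></web-app>"""
LDIF = """dn: uid=usera,ou=people,dc=acorp,dc=com

dn: uid=userb,ou=people,dc=acorp,dc=com

dn: cn=authRole,ou=roles,dc=acorp,dc=com
uniqueMember: uid=usera,ou=people,dc=acorp,dc=com
"""

def required_roles(web_xml):
    """Map each url-pattern to its auth-constraint role set (None = no auth-constraint)."""
    out = {}
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        auth = sc.find("auth-constraint")
        roles = None if auth is None else {r.text.strip() for r in auth.iter("role-name")}
        for pat in sc.iter("url-pattern"):
            out[pat.text.strip()] = roles
    return out

def parse_ldif(ldif):
    """Return (user DNs under ou=people, {role cn: member DNs}); assumes unfolded LDIF."""
    users, roles = set(), {}
    for entry in ldif.strip().split("\n\n"):
        attrs = [line.split(": ", 1) for line in entry.splitlines() if ": " in line]
        dn = attrs[0][1]
        if ",ou=people," in dn:
            users.add(dn)
        members = {v for k, v in attrs if k.lower() == "uniquemember"}
        if members:
            roles[dn.split(",")[0].split("=", 1)[1]] = members
    return users, roles

def forbidden(web_xml, ldif):
    """(user DN, url) pairs that can authenticate but hold no required role: the 403 case."""
    users, roles = parse_ldif(ldif)
    return sorted((u, url) for url, need in required_roles(web_xml).items()
                  if need is not None for u in users
                  if not any(u in roles.get(r, ()) for r in need))
```

An auth-constraint with no role-name entries is treated as deny-all, so every user is reported for that pattern.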