What's there to solve? 403 is the HTTP response for not authorized. There is a large difference between authenticated and authorized.

You can set up a customized 403 error page for catching unauthorized requests (using web.xml).



-Tim

Simone - Dev wrote:

Hello All,
I've a strange problem using the form login coupled with JDBCRealm.
This is the web.xml I'm using:
<web-app>
  <security-constraint>
    <display-name>Example Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/protected/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Default login configuration uses form-based authentication -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Form-Based Authentication Area</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <description>An administrator</description>
    <role-name>manager</role-name>
  </security-role>
</web-app>
The strange behaviour is that if I log on using a completely wrong user
(either user or password invalid) I get redirected to the error.jsp page,
but if I type in a user that does not have the "manager" role I get redirected
to the originally requested page (/protected/index.jsp) but then get a
403 error (Access denied).
Can't get to solve this...

