Hello: I just wrote my first form-based security control. It works fine if I sign with a user id that plays the permitted role.
But when I enter a user id that does not play the permitted role, instead of getting my customized error page, autherr.html, I get a generic 403 error. Can somebody tell me what I am doing wrong? Thanks. Venkat Web.xml section: <security-constraint> <web-resource-collection> <web-resource-name>MyFirst</web-resource-name> <description> accessible by authenticated users of the tomcat role</description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint> <description>These roles are allowed access</description> <role-name>tomcat</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>MyFirst Protected Area</realm-name> <form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/autherr.html</form-error-page> </form-login-config> </login-config> <security-role> <description>Only 'tomcat' role is allowed to access this web application</description> <role-name>tomcat</role-name> </security-role> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]