-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cun,

shunhecun wrote:
> My application uses MemoryRealm and FORM-based authentication. 

<shiver>

> In the file tomcat-users.xml, there is an user called "view", which belongs
> to role "users".  The role "users" is not included in web.xml of the
> application. 
> 
> If I try to login the application with the user "view", I get an error:
> "HTTP Status 403 - Access to the requested resource has been denied". I
> cannot go back to the login page. I have to close the brower or restart the
> server to see the login page. 

You don't need to kill the browser /or/ the server. You just need to
kill the user's session.

> Clean the browser's cache is not working. It seems the authentication
> information is cached in the Tomcat server. Any idea?

Tomcat links the authentication information for a user to the session.
Once the session is dead, you can re-login. Override the 403 error page
to include your own text including a link that takes you to the
(unprotected) logout page.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG4HaO9CaO5/Lv0PARAnm4AKCrvlXhb7G7m0QBzAGCOwFGS7Ci5QCgm6Ep
RcJdLKCON73CZcBwS699+jw=
=qisx
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to