-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cun,
shunhecun wrote: > My application uses MemoryRealm and FORM-based authentication. <shiver> > In the file tomcat-users.xml, there is an user called "view", which belongs > to role "users". The role "users" is not included in web.xml of the > application. > > If I try to login the application with the user "view", I get an error: > "HTTP Status 403 - Access to the requested resource has been denied". I > cannot go back to the login page. I have to close the brower or restart the > server to see the login page. You don't need to kill the browser /or/ the server. You just need to kill the user's session. > Clean the browser's cache is not working. It seems the authentication > information is cached in the Tomcat server. Any idea? Tomcat links the authentication information for a user to the session. Once the session is dead, you can re-login. Override the 403 error page to include your own text including a link that takes you to the (unprotected) logout page. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG4HaO9CaO5/Lv0PARAnm4AKCrvlXhb7G7m0QBzAGCOwFGS7Ci5QCgm6Ep RcJdLKCON73CZcBwS699+jw= =qisx -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]