-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nirvann,
On 10/20/2009 2:50 AM, Nirvann wrote: > The first thing is what mechanism can be used to handle authorization > errors. For authentication we have control of jsp pages (Login and Login > error pages). But there is nothing to let users know that they are failing > role based authorization. Tomcat should be issuing a 403 error, which you ought to be able to capture using web.xml's <error-page> configuration. > Secondly, a subquestion of first, how does the container signal an > authorization error. See above. > I tried with IE and Mozilla. In IE I get a 404 resource > not found. In mozilla it just displays a blank page. If this is the case, then you probably have some kind of broken configuration. 404 is not appropriate for "forbidden", but if you are trying to forward to a page that doesn't exist, the 404 might be masking the 403 error. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrd3VwACgkQ9CaO5/Lv0PAqTACeJ5MKYK7PsUGlsQ9gQCl7j6Zc uNwAoIIw/WB+QO5L1XuFs3YIZB9OOZ5R =lDTg -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org