tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bragg, Casey" <>
Subject Follow Up: 403 error-page N/W
Date Tue, 28 Aug 2001 05:09:08 GMT
I found one more detail...

My 403 error page works if the 403 is caused by a filter, but it doesn't
work if caused by JDBCRealm.

consider the file /secured/junk.html
- which is protected by a security constraint which is Form based and tied
to JDBCRealm (I'm sure that's bad wording... I hope you get the idea...)
- if I login as a user with the correct role to access /secured/junk.html,
but I force my filter to cause a 403 for that file, my 403 error page is
displayed correctly.
- if I login as a user WITHOUT the correct role to access
/secures/junk.html, my custom 403 error page is NOT accessed.
- if I login as a user WITHOUT the correct role to access
/secures/junk.html, and I force my filter to cause a 403 for that file, my
custom 403 error page is still NOT accessed.

Hopefully I've given some good clues now...


-----Original Message-----
From: Bragg, Casey []
Sent: Monday, August 27, 2001 8:56 PM
Subject: 403 error-page N/W : I guess its just me

Is it just me?  Does anybody have tomcat working with a custom 403 page?  If
not, this seems like a big problem.  

Any help greatly appreciated... This is really screwing up my login flow.



>From Sunday's post...

I'm trying to get tomcat to use my 403 forbidden error page.  I've had no
luck with it so far.  My 404 page works fine.  I have this problem even if I
turn off IE friendly error messages.

Using tomcat 4.0b7, JDBCRealm (against mySQL), running on Linux.

from web-xml :



from localhost_access_log : 

(Here's where I hit a forbidden page)... - - [26/Aug/2001:13:14:13 -0600] "POST
HTTP/1.1" 302 - - guest [26/Aug/2001:13:14:13 -0600] "GET /secured/index.jsp
1.1" 403 -

(Here's where I hit a page that doesn't exist)... - guest [26/Aug/2001:13:14:30 -0600] "GET /asdasdas HTTP/1.1"

from catalina.out

XmlMapper: new null org.apache.catalina.deploy.ErrorPage error-page
rorCode=0, location=null]
XmlMapper: org.apache.catalina.deploy.ErrorPage.setErrorCode( 403)
XmlMapper: org.apache.catalina.deploy.ErrorPage.setLocation(
XmlMapper: Calling org.apache.catalina.core.StandardContext.addErrorPage
ge[errorCode=403, location=/security/status/forbidden.jsp]
XmlMapper: pop error-page org.apache.catalina.deploy.ErrorPage:
ode=403, location=/security/status/forbidden.jsp]

View raw message