tomcat-users mailing list archives

From Victoria Einarsson <victoria.einars...@affectus.se>
Subject wrong user role => Error 403 instead of redirecting to Form-Error-Page
Date Thu, 10 Jan 2002 10:34:00 GMT
Hi,

I'm a newbie and have some problems with JDBCRealm and form-login and I hope someone can help
me.

When I login with a correct username and password but wrong role, it does not redirect to
the specified form-error-page. Instead it returns a 403 error code. But when I log on as a user
that is not in the database it redirects correctly to the specified page. I'm using Tomcat
4.0.1 and a MySQL database.
What's wrong? (more details below)

Thanks a lot in advance!
/ Victoria



In the MySQL database I have the two users
   username=vic password=vic role=manager
   username=pet password=pet role=user


The web.xml-file:
...
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>JDBC</realm-name>
    <form-login-config> 
        <form-login-page>/login.html</form-login-page> 
        <form-error-page>/error.html</form-error-page>
    </form-login-config> 
  </login-config>
...


The login.html:
...
<form method="POST" action="j_security_check"> 
  Login id: <input type="text" name="j_username" size="8" class=formStyle><br>
  Password: <input type="password" name="j_password" size="8" class=formStyle><br>
  <input type="submit" value=" Log In " name="LogIn" class=formStyle>
</form>
...


When I login as "vic, vic" (in database and correct role) I'm redirected to index.html => OK
When I login as "jim,jim" (not in the database) I'm redirected to error.html => OK
When I login as "pet,sdg" (pet in database but wrong password) I'm redirected to error.html => OK
But when I login as "pet,pet" (user in database but not correct role) I got error 403
=> NOT OK, I'm expecting to be redirected to error.html
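
Added example, not part of the original message: the 403 in the last case is an authorization failure (the login succeeded, the role check did not), which form login treats separately from a failed login, so form-error-page does not apply to it. One way to serve a page of your own for that case is an error-page mapping in web.xml; /forbidden.html is a hypothetical page name.

```xml
<!-- Added example. /forbidden.html is a hypothetical page placed in the
     web application root. In the Servlet 2.3 web.xml DTD, <error-page>
     elements must appear before <security-constraint>. -->
<error-page>
  <!-- Authenticated user, but not in a role listed in <auth-constraint> -->
  <error-code>403</error-code>
  <location>/forbidden.html</location>
</error-page>

<!-- Unchanged from the message: every URL requires the "manager" role -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>manager</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>JDBC</realm-name>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <!-- Used only when j_security_check rejects the username/password
         (the "jim,jim" and "pet,sdg" cases), not for a role mismatch -->
    <form-error-page>/error.html</form-error-page>
  </form-login-config>
</login-config>
```

Keeping the two pages separate also keeps the two outcomes distinguishable in access logs: a redirect to error.html is a failed login, a 403 is a valid account requesting something its role does not allow.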





