tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <smcar...@smcardle.com>
Subject 403 Access denied
Date Mon, 11 Feb 2002 18:23:04 GMT
Hi All,

Got a bit of a problem with my current application regarding security and went back to the
/examples/jsp/security/protected application in the examples context supplied by default to
try it out and I get the same issues here.

I have added user manager to the tomcat-users.xml file with role manager. When you now run
the protected example and use manager to login you get the default tomcat error handler page
for 403 access denied as the security has been set for any user with role tomcat and role1
by default but not manager role.

Each time I now point to the examples URL now I get this error page and only after session
time out or restarting the server do I get the login page to apear again.

I thought I would add an <error-page> entry for <error-code>403</error-code>
where I could display my error and invalidate the session so that any URL accessed in the
protected area after that would once again produce the login form. I created a 403 error page
called forbidden.jsp and put it in the directory bellow protected so that the server isnt
trying to display a page within the protected area and it does not display. Instead I get
a "The page cannot be displayed" HTTP 500 internal server error page and the URL is set to
http://<server>/examples/jsp/security/protected/j_security_check

I realy would like some feedback on this as it seem to be quite an issue for FORM authentication
as you can define your own custom login and error pages but not a custom forbidden page....


Regards

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message