tomcat-users mailing list archives

From "Christopher Pennock" <cpenn...@plumbdesign.com>
Subject FORM login with wrong role gets 404, not error page - bug?
Date Tue, 05 Feb 2002 17:21:49 GMT
I've found some behavior that seems wrong - can someone confirm that it is correct or a known
bug?

Specifically, using FORM login (with memory- or jdbc Realm), if I try to log into a protected
area with a user and password that exist, but don't have the correct role to access the area,
I get a 403:

"
Apache Tomcat/4.0.1 - HTTP Status 403 - Access to the requested resource has been denied
------------------------------------------------------------------------------
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested resource has been denied)
has been forbidden.
"

Then, after that failure, when I try to login with a user with the correct role, I get a 404:

"
Apache Tomcat/4.0.1 - HTTP Status 404 - /jsp/security/j_security_check
--------------------------------------------------------------------------------
type Status report
message /jsp/security/j_security_check
description The requested resource (/jsp/security/j_security_check) is not available.
"

In both of these cases, I had hoped to get the error page I had specified in <form-error-page>,
which I do get if I try to login with a user that does not exist.

Is this the correct behavior? It seems that if I try to login with a user with the wrong role
it 'breaks' the login for further attempts with a user with the correct role.

Any insight would be greatly appreciated.

thanks,
Chris
