Return-Path: 
 <tomcat-user-return-10495-qmlist-jakarta-archive-tomcat-user=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org
Received: (qmail 7453 invoked from network); 11 Feb 2002 18:23:51 -0000
Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131)
  by daedalus.apache.org with SMTP; 11 Feb 2002 18:23:51 -0000
Received: (qmail 17276 invoked by uid 97); 11 Feb 2002 18:23:06 -0000
Delivered-To: qmlist-jakarta-archive-tomcat-user@jakarta.apache.org
Received: (qmail 17199 invoked by uid 97); 11 Feb 2002 18:23:05 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 17123 invoked from network); 11 Feb 2002 18:23:04 -0000
Date: 11 Feb 2002 10:23:04 -0800
Message-ID: <20020211182304.3403.cpmta@c009.snv.cp.net>
X-Sent: 11 Feb 2002 18:23:04 GMT
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
To: tomcat-user@jakarta.apache.org
From: <smcardle@smcardle.com>
X-Mailer: Web Mail 3.9.3.5
X-Sent-From: smcardle@smcardle.com
Subject: 403 Access denied
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

Hi All,

Got a bit of a problem with my current application regarding security and went back to the /examples/jsp/security/protected application in the examples context supplied by default to try it out and I get the same issues here.

I have added user manager to the tomcat-users.xml file with role manager. When you now run the protected example and use manager to login you get the default tomcat error handler page for 403 access denied as the security has been set for any user with role tomcat and role1 by default but not manager role.

Each time I now point to the examples URL now I get this error page and only after session time out or restarting the server do I get the login page to apear again.

I thought I would add an <error-page> entry for <error-code>403</error-code> where I could display my error and invalidate the session so that any URL accessed in the protected area after that would once again produce the login form. I created a 403 error page called forbidden.jsp and put it in the directory bellow protected so that the server isnt trying to display a page within the protected area and it does not display. Instead I get a "The page cannot be displayed" HTTP 500 internal server error page and the URL is set to http://<server>/examples/jsp/security/protected/j_security_check

I realy would like some feedback on this as it seem to be quite an issue for FORM authentication as you can define your own custom login and error pages but not a custom forbidden page....


Regards

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>