tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: doubts about tomcat form based authentication
Date Tue, 20 Oct 2009 15:55:08 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nirvann,

On 10/20/2009 2:50 AM, Nirvann wrote:
> The first thing is what mechanism can be used to handle authorization
> errors. For authentication we have control of jsp pages (Login and Login
> error pages). But there is nothing to let users know that they are failing
> role based authorization.

Tomcat should be issuing a 403 error, which you ought to be able to
capture using web.xml's <error-page> configuration.

> Secondly, a subquestion of first, how does the container signal an
> authorization error.

See above.

> I tried with IE and Mozilla. In IE I get a 404 resource
> not found. In mozilla it just displays a blank page.

If this is the case, then you probably have some kind of broken
configuration. 404 is not appropriate for "forbidden", but if you are
trying to forward to a page that doesn't exist, the 404 might be masking
the 403 error.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrd3VwACgkQ9CaO5/Lv0PAqTACeJ5MKYK7PsUGlsQ9gQCl7j6Zc
uNwAoIIw/WB+QO5L1XuFs3YIZB9OOZ5R
=lDTg
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message