tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Curtis Garman <>
Subject Re: doubts about tomcat form based authentication
Date Tue, 20 Oct 2009 13:15:29 GMT
I'm interested in what others have to say about this too...for
instance there is no provision for disabling an account either...if
the account exists you can login with it.

I'm not sure I understand the second part of your question about yo mean authorization or authentication?...if you
really mean authentication, it sounds to me like you don't have
something set up should be getting a 403 access denied
in both firefox and ie if login fails. Authorization has nothing to do
with form based authentication and would be handled by the container
based on the roles you create.


On Tue, Oct 20, 2009 at 1:50 AM, Nirvann <> wrote:
> I am trying to explore the form based authentication provided by container. I
> have some doubts regarding same.
> The first thing is what mechanism can be used to handle authorization
> errors. For authentication we have control of jsp pages (Login and Login
> error pages). But there is nothing to let users know that they are failing
> role based authorization.
> Secondly, a subquestion of first, how does the container signal an
> authorization error. I tried with IE and Mozilla. In IE I get a 404 resource
> not found. In mozilla it just displays a blank page.
> regards,
> nirvan.
> --
> View this message in context:
> Sent from the Tomcat - User mailing list archive at
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Curtis Garman
Web Programmer
Heartland Community College

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message