tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Curtis Garman <>
Subject Re: doubts about tomcat form based authentication
Date Tue, 20 Oct 2009 15:02:00 GMT
I would also google "making internet explorer display your error page"
...this is something I learned in the "apache cookbook"...IE will
display it's own error message if your error page isn't at least 512
bytes...anyway you might want to research this a little

Did you define a custom 403 page? Are you sure you aren't getting the
404 looking for your 403 page? I'm not sure what else to tell you
because I've never had this problem. It might help if you post some of
your configuration/code


2009/10/20 Markus Schönhaber <>:
> Nirvann:
>> I mean't authorization. Consider a scenario as follows. There are two users,
>> admin and user. Consider two pages adminPage.jsp and userPage.jsp. Admin has
>> rights to both the pages but user can access only userPage.jsp. Lets assume
>> that the user logs in as user (not admin) and accesses userPage.jsp. It is
>> fine upto this point because user has access to userPage.jsp. But what
>> happens if the user tries to access adminPage.jsp for which he is not
>> authorized. As you have indicated it should fail through 403 access denied.
>> But, I am getting "HTTP 404 - File not found" in IE and blank page in
>> Mozilla.
> In a situation like the one you describe my Tomcat responds with 403
> response code and the standard access denied page (I did not change it
> in web.xml).
> So, I second Curtis' guess that you did something wrong.
> BTW: What IE shows you is of very little use, unless you turn off
> "friendly" error messages.
> --
> Regards
>  mks
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Curtis Garman
Web Programmer
Heartland Community College

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message