tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Curtis Garman <curt.gar...@gmail.com>
Subject Re: doubts about tomcat form based authentication
Date Tue, 20 Oct 2009 17:08:46 GMT
On Tue, Oct 20, 2009 at 10:55 AM, Christopher Schultz
<chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Nirvann,
>
> On 10/20/2009 2:50 AM, Nirvann wrote:
>> The first thing is what mechanism can be used to handle authorization
>> errors. For authentication we have control of jsp pages (Login and Login
>> error pages). But there is nothing to let users know that they are failing
>> role based authorization.
>
> Tomcat should be issuing a 403 error, which you ought to be able to
> capture using web.xml's <error-page> configuration.
>
>> Secondly, a subquestion of first, how does the container signal an
>> authorization error.
>
> See above.
>
>> I tried with IE and Mozilla. In IE I get a 404 resource
>> not found. In mozilla it just displays a blank page.
>
> If this is the case, then you probably have some kind of broken
> configuration. 404 is not appropriate for "forbidden", but if you are
> trying to forward to a page that doesn't exist, the 404 might be masking
> the 403 error.
>
Exactly...this is quite possible
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkrd3VwACgkQ9CaO5/Lv0PAqTACeJ5MKYK7PsUGlsQ9gQCl7j6Zc
> uNwAoIIw/WB+QO5L1XuFs3YIZB9OOZ5R
> =lDTg
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>



-- 
Curtis Garman
Web Programmer
Heartland Community College

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message