I use JDBC Realm (Tomcat 5) to authenticate users. Users with PRIVATE_ACCESS role can access Private Area (/private/*). But when I try to log in a user having PUBLIC_ACCESS role, Tomcat doesn't redirect the user to error.jsp page but redirect the user to something like this
HTTP Status 403 - Access to the requested resource has been denied
Below is an excerpt of my web.xml. Thanks anyway.
<security-constraint>
<display-name>Private Resource</display-name>
<web-resource-collection>
<web-resource-name>Private Area</web-resource-name>
<url-pattern>/private/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint> <!-- Anyone with one of the listed roles may access this area -->
<role-name>PRIVATE_ACCESS</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config> <!-- Security roles referenced by this web application -->
<security-role>
<role-name>PRIVATE_ACCESS</role-name>
</security-role>
<security-role>
<role-name>PUBLIC_ACCESS</role-name>
</security-role>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
