Nirvann: > I mean't authorization. Consider a scenario as follows. There are two users, > admin and user. Consider two pages adminPage.jsp and userPage.jsp. Admin has > rights to both the pages but user can access only userPage.jsp. Lets assume > that the user logs in as user (not admin) and accesses userPage.jsp. It is > fine upto this point because user has access to userPage.jsp. But what > happens if the user tries to access adminPage.jsp for which he is not > authorized. As you have indicated it should fail through 403 access denied. > But, I am getting "HTTP 404 - File not found" in IE and blank page in > Mozilla.
In a situation like the one you describe my Tomcat responds with 403 response code and the standard access denied page (I did not change it in web.xml). So, I second Curtis' guess that you did something wrong. BTW: What IE shows you is of very little use, unless you turn off "friendly" error messages. -- Regards mks --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org