If you interpret "xyz" as "just any username", then I guess you need a separate login page (and perhaps two different error pages?). How else should you get to the error page from the failed login? [There is probably some way, and it would be interersting to know.]
However, if you follow what we learned earlier in the lab, you could interpret "xyz" as some unauthorized but valid user, e.g. daniel. Then you can work with basic authentication and an error page very similar to myown403error.jsp - I've tried it. /Fredrik On 21 Mar, 05:03, Karl <karlk...@yahoo.com> wrote: > So am I to guess that the homework for Web Application security is wanting a > form based implementation and not basic? I'm guessing this is true since it's > asking for a custom error page if a unknown user is entered (xyz/xyz). > If this is so, the hello1 application will also need a custom login page as > well, correct? > These homework instructions could be a might clearer. > > ~karl --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Java EE (J2EE) Programming with Passion!" group. To post to this group, send email to java-ee-j2ee-programming-with-passion@googlegroups.com To unsubscribe from this group, send email to java-ee-j2ee-programming-with-passion+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/java-ee-j2ee-programming-with-passion?hl=en -~----------~----~----~----~------~----~------~--~---
