anonymous wrote : I want to let the user know that they have authenticated but failed authorization and to trying logging in with another username and password that has authorization
On detecting a authorization failure, why dont you invalidate the session, so that user credentials are discarded: http://java.sun.com/j2ee/sdk_1.2.1/techdocs/api/javax/servlet/http/HttpSession.html#invalidate() However, i am not sure whether this is the right approach to follow. There might even be better approaches. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3958122#3958122 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3958122 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
