Curtis Garman wrote:
I'm interested in what others have to say about this too...for
instance there is no provision for disabling an account either...if
the account exists you can login with it.
I'm not sure I understand the second part of your question about
authorization...do yo mean
Sorry guys to have bothered you with my silly mistake. Actually, I had
configured 403 error page in web.xml file but the page was not at proper
location. Hence I was getting 404 file not found. Now I can access the role
error page for authorization error. Thanks a lot for all your insights.