Omar! Aha! Even the autherr.html page seems to be protected by the form-based security. When I try to open autherr.html by the url, http://127.0.0.1:8080/MyFirst/autherr.html, I get the login page!
How would I unprotect it? Thanks. -----Original Message----- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 19, 2005 3:31 AM To: Tomcat Users List Subject: Re: Form-based security what happen if you load tour error page using the address bar? can you see it? Isn't a path matter? regards, Omar On Wed, 19 Jan 2005 00:06:20 -0500, Venkat & Radha Venkataramanan <[EMAIL PROTECTED]> wrote: > Hello: > > I just wrote my first form-based security control. It works fine if I sign > with a user id that plays the permitted role. > > But when I enter a user id that does not play the permitted role, instead of > getting my customized error page, autherr.html, I get a generic 403 error. > > Can somebody tell me what I am doing wrong? > > Thanks. > > Venkat > > Web.xml section: > > <security-constraint> > <web-resource-collection> > <web-resource-name>MyFirst</web-resource-name> > <description> accessible by authenticated users of the > tomcat role</description> > <url-pattern>/*</url-pattern> > <http-method>GET</http-method> > <http-method>POST</http-method> > <http-method>PUT</http-method> > <http-method>DELETE</http-method> > </web-resource-collection> > <auth-constraint> > <description>These roles are allowed access</description> > <role-name>tomcat</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>FORM</auth-method> > <realm-name>MyFirst Protected Area</realm-name> > <form-login-config> > <form-login-page>/login.html</form-login-page> > <form-error-page>/autherr.html</form-error-page> > </form-login-config> > </login-config> > > <security-role> > <description>Only 'tomcat' role is allowed to access this web > application</description> > <role-name>tomcat</role-name> > </security-role> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Adobati Omar [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
