On Tue, 22 Jan 2002, Andrea Cervellati wrote: > Date: Tue, 22 Jan 2002 08:36:41 +0100 (MET) > From: Andrea Cervellati <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>, > Andrea Cervellati <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: How to capture authentication errors > > Hi, > > I'm using JBoss and Tomcat to develop my web application. > > I have a security domain and the user must authenticate itself to access the > restricted area. > > I'm using the DatabaseServer login module and I have defined the necessary > tables. > > I want to display an error page when the user is not allowed to access instead > of the HTTP-403 error message. > > The error.jsp page starts with the following: > > <%@ page language="java" session="false" isThreadSafe="false" info="Error Page" > isErrorPage="true" %> > > In my jboss-web.xml I've specified that the security domain to be used is the > same of the Jboss EJB container: > > <jboss-web> <security-domain>java:/jaas/modulojdbc</security-domain> > </jboss-web> > > I've tried to add the following lines in the web.xml: > > <error-page> > <error-code>403</error-code> > <location>/error.jsp</location> > </error-page> >
This is the right way to do what you want. > but I keep having the HTTP-403 message displaied. > Tomcat 4.0 and 4.0.1 did not support user-defined error pages for authentication errors. Could you please try this with Tomcat 4.0.2b2 instead? > I've also tried to use the <form-error-page> tag like this: > > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/login.jsp</form-login-page> > <form-error-page>/error.jsp</form-error-page> > </form-login-config> > </login-config> > > , but still have the problem > That's because the form error page is only used when the username/pasword combination is not recognized (essentially, it replaces a 401 status). The 403 error means that the container figured out who the user was -- that person just doesn't have one of the required roles to access the requested resource. > What can I do? > Should I add anything else in the jboss-web.xml? > > I've posted rhis question even in the Java Forums and someone answered me that > he had to change the Tomcat source to fix the problem. > > Please help! > > Thanks in advance > Craig McClanahan -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
