In 3.3 tomcat I have crimson in my web-inf/lib and it is dynamically loaded, in 4.x I have to remove crimson and put two(xmlPar.. and xercesImpl). In 3.3 xmlPar and xercesI.. does not work. I am confused ..
-----Original Message----- From: Scott Dayberry [mailto:[EMAIL PROTECTED]] Sent: Friday, August 16, 2002 11:32 AM To: [EMAIL PROTECTED] Subject: getRemoteUser() reset to null after authenticated user hits anunauthorized page I am using form-based authentication under Tomcat 3.2.3. I have 3 security-constraint sections in web.xml for 3 different user roles. If an already authenticated user selects a page to which he is not authorized, he is redirected to the form-error-page (I thought this should be a 403-Forbidden error instead), and his authentication is invalidated. (A getRemoteUser() call returning null at this point verifies this). The implication of this, is that he can no longer select any pages that he IS authorized for, and must re-login. Is this a known bug with Tomcat 3.2.3, expected behavior, or is there a configuration setting I am missing? Thanks in advance, Scott -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
