Securing index.jsp as a protected resource and using basic authentication
prevents the error part of the deployment descriptor from the
expected/desired behavior for a 401 error. I would like to have MY 401
error page show after three invalid login attempts rather than Tomcat's.
Is this something that can be handled through the ErrorDispatcherValve?
Is anyone using this valve? Can you provide an example?
<error-page>
<error-code>401</error-code>
<location>/error401.jsp</location>
</error-page>
<security-constraint>
<web-resource-collection>
<web-resource-name>dora</web-resource-name>
<url-pattern>/index.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>1</role-name>
<role-name>2</role-name>
<role-name>3</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>DORA</realm-name>
</login-config>
Thanks,
Derrick
This electronic transmission is strictly confidential to Smith & Nephew and
intended solely for the addressee. It may contain information which is
covered by legal, professional or other privilege. If you are not the
intended addressee, or someone authorized by the intended addressee to
receive transmissions on behalf of the addressee, you must not retain,
disclose in any form, copy or take any action in reliance on this
transmission. If you have received this transmission in error, please
notify the sender as soon as possible and destroy this message.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
