On Tue, Oct 20, 2009 at 10:55 AM, Christopher Schultz <ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Nirvann, > > On 10/20/2009 2:50 AM, Nirvann wrote: >> The first thing is what mechanism can be used to handle authorization >> errors. For authentication we have control of jsp pages (Login and Login >> error pages). But there is nothing to let users know that they are failing >> role based authorization. > > Tomcat should be issuing a 403 error, which you ought to be able to > capture using web.xml's <error-page> configuration. > >> Secondly, a subquestion of first, how does the container signal an >> authorization error. > > See above. > >> I tried with IE and Mozilla. In IE I get a 404 resource >> not found. In mozilla it just displays a blank page. > > If this is the case, then you probably have some kind of broken > configuration. 404 is not appropriate for "forbidden", but if you are > trying to forward to a page that doesn't exist, the 404 might be masking > the 403 error. > Exactly...this is quite possible > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkrd3VwACgkQ9CaO5/Lv0PAqTACeJ5MKYK7PsUGlsQ9gQCl7j6Zc > uNwAoIIw/WB+QO5L1XuFs3YIZB9OOZ5R > =lDTg > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
-- Curtis Garman Web Programmer Heartland Community College --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org