2 Replies Latest reply on Sep 6, 2002 7:57 AM by tbfmicke

    Jetty fails to give login error page when wrong user role

    tbfmicke


      I think that jetty has a problem with form based security and roles.

      I have secured "/secret" in my web.xml, and specified a loginpage and a page for when login fails (form based security). Only users with the role "super" is allowed into the /secret pages.

      I have two users, john and mary, only mary has the "super" role.

      When I login with a bad password or an unknown user I am directed to the login failure page as I should be, and of course when I log in as mary I get to my secret page.

      But, when I try to see a secret page and log in as john then I do not get my failure page, but a 403 error instead.

      Regards