I just got security working and have a related question.
In the web.xml, we specify a login and an error page. Is there anyway, we can have some custom pages for access denied, too many login attempts (this is thrown as an exception inside the LoginModule implementation I have writtent)?
For http errors (like access denied) you can specify the error page in the web.xml file.