Hi,

I've pretty much got my application authenticating users the way I want.
However, I'm now having problems with the screen flow when a user
who does not have the necessary permissions attempts to access
protected bean data.

I've found one post in this forum that talks about this issue. If I understand things
correctly, I can just add a descriptor to my web.xml file that looks like this:

<error-page>
<exception-type>
java.lang.SecurityException
</exception-type>
/admin/logOff.jspa
</error-page>

Presumably, this should send the user to my logoff page when a security
exception occurs. However, I'm not seeing any change in behaviour
after I add this descriptor.

I've also tried to catch the exception myself. I had only slightly more success
while using this approach. What happens is the exception is thrown
(the exception appears in the jboss server console), and then my code
catches the exception (I'm sending output to the jboss console upon
catching the exception). But... the exception gets thrown again and again.
So my attempt at catching it is pretty futile.

Does anybody have any suggestions for me?