1 Reply Latest reply on Jul 27, 2002 12:25 PM by Greg Wilkins

    Form-based login and authorization

    Guofeng Zhang Novice

      It is a form-based login web app.
      After I authenticated, if I acessed a resource that I have no right to access it, the browser dispaly a page that list "forbidden, Error code 403".

      In weblogic, the browser will display the form-error-page page which configured in web.xml.

      Is this a bug of JBoss 3.0 or I have not configured the JBoss 3.0 correctly.

      I use the Jetty web server embedded in JBoss.




        • 1. Re: Form-based login and authorization
          Greg Wilkins Newbie

          The spec is not clear what should happen in this circumstance. However, I do believe that the 403
          forbidden is the more correct response.

          The form error page is intended to be displayed when an authentication error has occured during logon (wrong username or password). In your case, their is no
          problem with authentication, you simply have insufficient
          priviledges to view the requested page.

          Note that you can use the error page mechanism to provide
          a custom page for 403 responses.

          regards