I think that Jetty has a problem with form-based security and roles.
I have secured "/secret" in my web.xml, and specified a login page and a page for when login fails (form-based security). Only users with the role "super" are allowed into the /secret pages.
I have two users, john and mary; only mary has the "super" role.
When I log in with a bad password or an unknown user I am directed to the login failure page as I should be, and of course when I log in as mary I get to my secret page.
But when I try to see a secret page and log in as john, then I do not get my failure page, but a 403 error instead.
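
A web.xml matching the setup described above, as an added example that is not part of the original post. Under the Servlet specification, `form-error-page` is used only when authentication fails, while an authenticated user who lacks the required role receives 403, which an `error-page` mapping can route to a custom page. The page paths, the realm name and the schema version are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Schema version 3.1 is an assumption; use the one your container supports -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- Only callers holding the "super" role may reach /secret/* -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>secret</web-resource-name>
      <url-pattern>/secret/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>super</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <!-- Realm name is a placeholder -->
    <realm-name>ExampleRealm</realm-name>
    <form-login-config>
      <!-- Both pages sit outside /secret/* so they stay reachable before login -->
      <form-login-page>/login.html</form-login-page>
      <!-- Served only when authentication fails: bad password or unknown user -->
      <form-error-page>/loginfail.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>super</role-name>
  </security-role>

  <!-- Authenticated but not in "super" (john): the container answers 403.
       This mapping serves a custom page for that status. -->
  <error-page>
    <error-code>403</error-code>
    <location>/denied.html</location>
  </error-page>
</web-app>
```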