1 Reply Latest reply on Sep 5, 2004 5:53 AM by Jim

    Declarative Web Sec: How do I specify destination pages for

    Jim Newbie

      Here's the scenario:

      Jboss-3.0.8 + Tomcat-4.1.24

      I log in to my app as 'cust1' who is assigned role 'Customer' in my security DB.
      'cust1' then requests a path which, in web.xml, is protected under role 'Admin'.

      The container should recognize this user as an authenticated user and it should recognize this request as an unauthorized request. And it appears as though it does. (It doesn't permit
      access but instead routes the user to the index.jsp page).

      So what I'd like to know is why the container routes the request to my index.jsp page. I don't see anything in the logs prior to the
      index.jsp being rendered/processed.

      Just what is a J2EE web container's policy on where to go if the authenticated user doesn't have the required access rights to a requested resource?