1 Reply Latest reply on Mar 28, 2006 11:58 AM by Scott Stark

    HTTP Status 403 - when missing role

    dominique boeckli Newbie

      Log in is working perfectly. When I log in with a wrong password I am redirected to the page defined in web.xml. But when I am using a user with a missing role, I am not redirected to the defined error page; I get the standard Tomcat "HTTP Status 403 - Access to the requested resource has been denied" page.

      Here is an extract of the web.xml:

       <!-- Security -->
       <security-constraint>
         <web-resource-collection>
           <web-resource-name>restricted</web-resource-name>
           <url-pattern>/prot/*</url-pattern>
           <http-method>POST</http-method>
           <http-method>GET</http-method>
         </web-resource-collection>
         <auth-constraint>
           <role-name>administrator</role-name>
           <role-name>catloguser</role-name>
         </auth-constraint>
       </security-constraint>
       <login-config>
         <auth-method>FORM</auth-method>
         <form-login-config>
           <form-login-page>/login/login.jsf</form-login-page>
           <form-error-page>/login/loginFailed.jsf</form-error-page>
         </form-login-config>
       </login-config>
       <security-role>
         <role-name>administrator</role-name>
       </security-role>
       <security-role>
         <role-name>catloguser</role-name>
       </security-role>
      


      What did I do wrong? Many thanks for your help.
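
An added example, not part of the original post or its reply: in the servlet deployment descriptor, `form-error-page` is used only when authentication fails, while an authenticated user who holds none of the roles in the `auth-constraint` gets a 403, which is mapped to a custom page with a separate `error-page` element. The location `/login/accessDenied.jsf` is a hypothetical page name; the other names are taken from the extract above.

```xml
<!-- Added example: web.xml fragment, to be merged into the existing descriptor. -->

<!-- Authorization failure (logged in, but no matching role) is reported as
     HTTP 403. Map that status code to an application page; the path below
     is hypothetical and should point to a page outside /prot/. -->
<error-page>
  <error-code>403</error-code>
  <location>/login/accessDenied.jsf</location>
</error-page>

<!-- Same constraint as in the post, but with the <http-method> elements
     omitted. When methods are listed, only those methods are covered by the
     constraint; with none listed, it applies to every HTTP method sent to
     /prot/*. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>restricted</web-resource-name>
    <url-pattern>/prot/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>administrator</role-name>
    <role-name>catloguser</role-name>
  </auth-constraint>
</security-constraint>

<!-- Authentication failure (wrong user name or password) is still handled
     by the form login configuration, unchanged from the post. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login/login.jsf</form-login-page>
    <form-error-page>/login/loginFailed.jsf</form-error-page>
  </form-login-config>
</login-config>
```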