DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=5725>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=5725 Error Page Redirection failure for unauthorized access using Declarative Security Summary: Error Page Redirection failure for unauthorized access using Declarative Security Product: Tomcat 4 Version: 4.0.1 Final Platform: PC OS/Version: Windows NT/2K Status: NEW Severity: Critical Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] When you declare the error page for 403 unauthorized access <error-page> <error-code>403</error-code> <location>/unauthorized.html</location> </error-page> and use form based authentication <login-config> <auth-method>FORM</auth-method> <realm-name>Example Form-Based Authentication Area</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/login.jsp?error=1</form-error-page> </form-login-config> </login-config> and when you try to access a resource that your credentials aren't enough normally you should be redirected to unauthorized.html, but actually a HTTP 500 error happens. I have checked the logs a NullPointerException is thrown. But if you don't set the error page for 403, Tomcat shows the default 403 Error Page (No Problems) Below is the log entry: 2002-01-07 00:08:43 JDBCRealm[Standalone]: Username operator successfully authenticated 2002-01-07 00:08:43 JDBCRealm[Standalone]: Username operator does NOT have role BROKER 2002-01-07 00:08:43 JDBCRealm[Standalone]: Username operator does NOT have role LOADER 2002-01-07 00:08:43 HttpProcessor[80][3] process.invoke java.lang.NullPointerException at org.apache.catalina.valves.ErrorDispatcherValve.status (ErrorDispatcherValve.java:291) at org.apache.catalina.valves.ErrorDispatcherValve.invoke (ErrorDispatcherValve.java:180) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.valves.AccessLogValve.invoke (AccessLogValve.java:462) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke (StandardEngineValve.java:163) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process (HttpProcessor.java:1011) at org.apache.catalina.connector.http.HttpProcessor.run (HttpProcessor.java:1106) at java.lang.Thread.run(Unknown Source) -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
