Hi!
In a application i´m using JDBCRealm and form-based login to
authenticate the user. But i have som problems.
When i enter a user with correct username, password and role everything
works fine. Entering username or password incorrect i´m beeing
redirected to the login-error-page, that´s correct. But when i enter
username and password that exist in the DB but the user don´t have the
correct role i´m still authenticated or get the error code 403, if i´m
authenticated and click the logout i got the 403 message.
All my application shares the symptoms, even admin and manager. Can i
fix this??
I searched the internet for an answer to this and found this Thread from
years ago.
http://mail-archives.apache.org/mod_mbox/tomcat-users/200201.mbox/[EMAIL PROTECTED]
And the answer:
http://mail-archives.apache.org/mod_mbox/tomcat-users/200201.mbox/[EMAIL PROTECTED]
As it says the formbased doesn´t care about the role. But why does it
care about it when you are using basic authentication.
I don´t post any code because i´m followed the documentation to setup
the JDBCRealm. The only difference is that my user_role is a view not a
table. It´s in my opinion a ugly database design to only have
"user_table" and "user_role" table in a many-to-many relationship....
End talking about databasedesign. I simply wonder if it is any solution
to this problem besides taking care of it in the application.
Thanks a lot in advance!
/Henrik
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
