Access to error page denied in Firefox 2.0

Mon, 22 Jan 2007 07:11:47 -0800

I'm trying to set up form-based authentication in a JSF Application on Tomcat 5.5.4. I've got a login page, a welcome page and an error page. On entering the right username and password I get redirected to welcome.jsp. On entering the wrong credentials IE displays my custom error.html with a link back to login.html where I can try with the right password again. So far so good.
Firefox 2.0, however, displays "HTTP Status 403 - Access to the requested resource has been denied" if the wrong credentials are entered. I can't get back to the login page anymore, even with the back button in the browser. Logging in with the correct credentials works as expected. 


I understand that Tomcat forwards control to the error page configured in 
web.xml if authentication fails. I can't see any browser dependency here. 
Or does it do a redirect, i.e. go back to the browser first?



When setting up the application I followed Sun's Java 5 EE Tutorial 
(Chapter 30: Securing Web Applications) leaving out the mapping of roles to 
user groups as I haven't got any server groups.



The settings in the Tomcat admin application, which works fine, seem to be 
equivalent to mine although hard to compare as it is Struts and mine is JSF.



I've got an index.jsp file which takes me into the faces context. Could 
that cause problems?


Help is appreciated very much.
Marcel


<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";

xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd";>

<display-name>sec24</display-name>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
<security-role-ref>
<role-name>loginUser</role-name>
<role-link>loginUser</role-link>
</security-role-ref>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>WRCollection</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>loginUser</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>security</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>loginUser</role-name>
</security-role>
</web-app>




--
dipl. geogr. Marcel Frehner
Wissenschaftlicher Mitarbeiter
Eidgenössische Forschungsanstalt für Wald, Schnee und Landschaft WSL
Abteilung Landschaftsinventuren
Zürcherstrasse 111
8903 Birmensdorf

Tel. +41-44-739 26 83
[EMAIL PROTECTED]
http://www.wsl.ch

----------------------------


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to