I'm interested in what others have to say about this too...for instance there is no provision for disabling an account either...if the account exists you can login with it.
I'm not sure I understand the second part of your question about authorization...do yo mean authorization or authentication?...if you really mean authentication, it sounds to me like you don't have something set up correctly...you should be getting a 403 access denied in both firefox and ie if login fails. Authorization has nothing to do with form based authentication and would be handled by the container based on the roles you create. Curtis On Tue, Oct 20, 2009 at 1:50 AM, Nirvann <jatin.kulka...@yahoo.com> wrote: > > I am trying to explore the form based authentication provided by container. I > have some doubts regarding same. > The first thing is what mechanism can be used to handle authorization > errors. For authentication we have control of jsp pages (Login and Login > error pages). But there is nothing to let users know that they are failing > role based authorization. > Secondly, a subquestion of first, how does the container signal an > authorization error. I tried with IE and Mozilla. In IE I get a 404 resource > not found. In mozilla it just displays a blank page. > > regards, > nirvan. > > -- > View this message in context: > http://www.nabble.com/doubts-about-tomcat-form-based-authentication-tp25970503p25970503.html > Sent from the Tomcat - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Curtis Garman Web Programmer Heartland Community College --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
