You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Watkins, James" <JW...@uicimktg.com> on 2003/10/16 17:14:50 UTC
confused about iis 5.1/tomcat 4.1.27
i am using j_security_check with a form based login screen... this works ok,
but here is my problem.
the entry page is a redirect to a secured page based on the referer url, or
the username. this works ok, i have two users, two roles and two acceptable
referer urls. in my web.xml i have 2 security constraints, one on each
destination page
now the problem is this:
if i log in as a user with the wrong role, i get big, ugly 403 error for the
secured page that says "you are not authorized to view this page." that
seems appropriate.
but, if i put:
<error-page>
<error-code>403</error-code>
<location>/marketing/incorrectpass.jsp</location>
</error-page>
in the web.xml page
and then do the same thing, i just get a smaller less ugly 403 error
message, but for j_security_check
any ideas?
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Tomcat4 denial of service in debian...
Posted by "Dan K." <da...@yorku.ca>.
Hi,
Does anyone know if the version of tomcat4 mentioned in the
following advisory applies to 4.0.6?
http://www.securityfocus.com/archive/1/341310
I get the idea that it only applies to the debian packaged version
(4.0.3?)... ??
Regards,
Dan
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org