You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Watkins, James" <JW...@uicimktg.com> on 2003/10/16 17:14:50 UTC

confused about iis 5.1/tomcat 4.1.27

i am using j_security_check with a form based login screen... this works ok,
but here is my problem.
the entry page is a redirect to a secured page based on the referer url, or
the username. this works ok, i have two users, two roles and two acceptable
referer urls. in my web.xml i have 2 security constraints, one on each
destination page

now the problem is this:

if i log in as a user with the wrong role, i get big, ugly 403 error for the
secured page that says  "you are not authorized to view this page." that
seems appropriate.

but, if i put:  

<error-page>
  <error-code>403</error-code>
  <location>/marketing/incorrectpass.jsp</location>  
  </error-page>

in the web.xml page

and then do the same thing, i just get a smaller less ugly 403 error
message, but for j_security_check

any ideas?

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Tomcat4 denial of service in debian...

Posted by "Dan K." <da...@yorku.ca>.

Hi,

Does anyone know if the version of tomcat4 mentioned in the
following advisory applies to 4.0.6?

http://www.securityfocus.com/archive/1/341310

I get the idea that it only applies to the debian packaged version
(4.0.3?)... ??

Regards,
Dan


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org