Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/01/07 20:38:58 UTC

DO NOT REPLY [Bug 5725] New: - Error Page Redirection failure for unauthorized access using Declarative Security

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=5725

           Summary: Error Page Redirection failure for unauthorized access
                    using Declarative Security
           Product: Tomcat 4
           Version: 4.0.1 Final
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: ryildirim@yahoo.com
                CC: ryildirim@yahoo.com


When you declare the error page for 403 unauthorized access 

<error-page>
  <error-code>403</error-code>
  <location>/unauthorized.html</location>
</error-page>

and use form based authentication

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example Form-Based Authentication Area</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login.jsp?error=1</form-error-page>
  </form-login-config>
</login-config>

and when you try to access a resource for which your credentials aren't enough,
normally you should be redirected to unauthorized.html, but actually an HTTP 500
error happens. I have checked the logs; a NullPointerException is thrown.

But if you don't set the error page for 403, Tomcat shows the default 403 error
page (no problems).

Below is the log entry:

2002-01-07 00:08:43 JDBCRealm[Standalone]: Username operator successfully authenticated
2002-01-07 00:08:43 JDBCRealm[Standalone]: Username operator does NOT have role BROKER
2002-01-07 00:08:43 JDBCRealm[Standalone]: Username operator does NOT have role LOADER
2002-01-07 00:08:43 HttpProcessor[80][3] process.invoke
java.lang.NullPointerException
	at org.apache.catalina.valves.ErrorDispatcherValve.status(ErrorDispatcherValve.java:291)
	at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:180)
	at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
	at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:462)
	at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
	at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
	at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
	at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
	at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
	at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
	at java.lang.Thread.run(Unknown Source)

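A log correlation for the failure reported above, as an added example that is not part of the original report or of Tomcat's code: it flags role denials followed within a short window by an exception in ErrorDispatcherValve.status, which is how a denial shows up when it ends in the HTTP 500 described here instead of the configured 403 page. The function name, the two-second window and the sample log (modelled on the report's entries; the `guest` line is constructed) are assumptions.

```python
import re
from datetime import datetime, timedelta

TS = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
# A record starts at a line that begins with a timestamp; wrapped text and
# stack frames that follow belong to the same record.
RECORD_START = re.compile(r"(?m)^(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} )")
# \s+ between words tolerates the mail-wrapped form "role \nBROKER".
DENIED = re.compile(r"Realm\[[^\]]*\]:\s+Username\s+(\S+)\s+does\s+NOT\s+have\s+role\s+(\S+)")
EXC = re.compile(r"(?m)^([\w.$]+(?:Exception|Error))\b")
FRAME = "org.apache.catalina.valves.ErrorDispatcherValve.status"

# Constructed sample in the report's log format (assumption, not a real capture).
SAMPLE_LOG = """\
2002-01-07 00:08:43 JDBCRealm[Standalone]: Username operator successfully authenticated
2002-01-07 00:08:43 JDBCRealm[Standalone]: Username operator does NOT have role BROKER
2002-01-07 00:08:43 JDBCRealm[Standalone]: Username operator does NOT have role LOADER
2002-01-07 00:08:43 HttpProcessor[80][3] process.invoke
java.lang.NullPointerException
\tat org.apache.catalina.valves.ErrorDispatcherValve.status(ErrorDispatcherValve.java:291)
2002-01-07 00:15:02 JDBCRealm[Standalone]: Username guest does NOT have role BROKER
"""

def denials_ending_in_exception(log_text, window_seconds=2):
    """Return one finding per ErrorDispatcherValve exception preceded by role denials."""
    window = timedelta(seconds=window_seconds)
    denials, findings = [], []
    for record in RECORD_START.split(log_text):
        stamp = TS.match(record)
        if not stamp:
            continue  # text before the first timestamped line
        when = datetime.strptime(stamp.group(0), "%Y-%m-%d %H:%M:%S")
        denied = DENIED.search(record)
        if denied:
            denials.append((when, denied.group(1), denied.group(2)))
            continue
        exc = EXC.search(record)
        if exc and FRAME in record:
            recent = [d for d in denials if timedelta(0) <= when - d[0] <= window]
            if recent:
                findings.append({"time": stamp.group(0),
                                 "users": sorted({d[1] for d in recent}),
                                 "roles": sorted({d[2] for d in recent}),
                                 "exception": exc.group(1)})
    return findings

if __name__ == "__main__":
    for finding in denials_ending_in_exception(SAMPLE_LOG):
        print(finding)
```

The `guest` denial produces no finding because no exception follows it, which is the behaviour the report describes when no 403 error page is configured.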