User without access to resources mapped in the Security-role of the web.xml


8

What is the behavior of security-role of web.xml when the user does not have access to project resources?

Is it the default for WebLogic to return a 404?

Is this status configurable?

Is it possible, when security identifies that the user does not have access to the resource, to perform a redirect to another page?

1 answer

2


Application servers return 401 (Not Authenticated) when the user is not authenticated and redirect to the authentication page if it is configured in web.xml.

When the user does not have the necessary role for the resource, return code 403 (Forbidden) is returned.

If you want to customize the return code, or the page to be displayed, you will need to treat this programmatically.

boolean HttpServletRequest.isUserInRole(String role)

The HttpServletRequest object can be consulted. From the reply you can decide which return code or page will be displayed.
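One way to apply the `isUserInRole` check described in the answer above, as an added example that is not part of the original answer: a servlet filter that redirects users who lack a role to a custom page. The class name `RoleCheckFilter` and the init parameters `requiredRole` and `deniedPage` are hypothetical, and the `javax.servlet` API is assumed.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: enforces one role and picks the response itself.
public class RoleCheckFilter implements Filter {
    private String requiredRole; // role name declared in <security-role>
    private String deniedPage;   // context-relative path, e.g. "/denied.jsp"

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        requiredRole = cfg.getInitParameter("requiredRole");
        deniedPage = cfg.getInitParameter("deniedPage");
        if (requiredRole == null || deniedPage == null) {
            // Fail closed: refuse to start without a complete configuration.
            throw new ServletException("requiredRole and deniedPage must be set");
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (request.getUserPrincipal() == null) {
            // Not authenticated: the 401 case from the answer.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        if (!request.isUserInRole(requiredRole)) {
            // Authenticated but missing the role: redirect instead of a bare 403.
            response.sendRedirect(request.getContextPath() + deniedPage);
            return;
        }
        chain.doFilter(req, res); // role present, continue to the resource
    }

    @Override
    public void destroy() { }
}
```

The container evaluates `<security-constraint>` before any filter runs, so the constraint on the filtered URLs should require authentication only, with the role decision left to the filter. Keep the `deniedPage` path outside the filter mapping to avoid a redirect loop.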
