Hello all,

I have an application that uses J2EE security. We're using BA. For resources
 to which a user is not granted access to they receive the "Error 403: Autho
rizationFailed" page. I would like to replace or redirect that event to my o
wn page but I'm not sure ho
w.

Could someone direct me to a page or doc that tells me how? Thanks.

[ Post a follow-up to this message ]

In the Web Deployment Descriptor, you can specify what page to display when 
the users encounter error 403.

[ Post a follow-up to this message ]

> In the Web Deployment Descriptor, you can specify
> what page to display when the users encounter error
> 403.

Thank you for your response. I was under the impression that you may have be
en able to do that in the descriptor but wasn't sure what to add. The docs I
 found made references to setting an error page in the context of setting up
 a forms based login, ie. &
lt;form-login-page> & <form-error-page>. Is that what you are refer
ring to?

Once again thanks.

[ Post a follow-up to this message ]

No - this is not what I meant. If you open the Deployment Descriptor, with s
ay Websphere Studio App Developer, you should see four sections: Welcome pag
es, Login, Error pages, Exceptions.

What you were referring to was the second one, which is dealing specifically
 with the Login process. I was referring to the third one, which really hand
les the HTML error codes.

It should be within a block like the following:
<error-page id="ErrorCodeErrorPage_1133453892160">
<error-code>403</error-code>
<location>/my403ErrorPage.jsp</location>
</error-page>

Depending on your application, you could specify /logon.jsp in the <location
/> tag. This way when error 403 is thrown, the user gets presented with the 
logon page.

[ Post a follow-up to this message ]

Ah I see. I don't have the benefit of the WSAD or RAD at the moment so I was
n't sure where to look.

I will follow this lead. Thanks for the tip.

[ Post a follow-up to this message ]

jnegron@dtcc.com wrote:
> Ah I see. I don't have the benefit of the WSAD or RAD at the moment
> so I wasn't sure where to look.
>
> I will follow this lead. Thanks for the tip.


If you don't have WSAD you can see the same things in the ASTK, which is
freely available with WAS.

Also, just want to point out that Basic Auth is not very secure, as it
sends passwords in clear text. Hope you're using SSL ... (but you
probably knew this already).

Paul.

[ Post a follow-up to this message ]

I just installed the ASTK yesterday evening, so I'll be exploring that short
ly. We typically don't use WSAD/RAD/ASTK in our day to day hence my lack of 
familiarity with it.

> Also, just want to point out that Basic Auth is not very secure, as it
> sends passwords in clear text. Hope you're using SSL ... (but you
> probably knew this already).

Yup. We're working out some of the mechanics with respect to TAM and J2EE se
curity but thanks for the friendly reminder.

=)

[ Post a follow-up to this message ]

jnegron@dtcc.com wrote:
> I just installed the ASTK yesterday evening, so I'll be exploring
> that shortly. We typically don't use WSAD/RAD/ASTK in our day to day
> hence my lack of familiarity with it.
>
> 
>
>
> Yup. We're working out some of the mechanics with respect to TAM and
> J2EE security but thanks for the friendly reminder.
>
> =)

I just realized who I was responding to .. of course you guys know this
stuff, we've discussed it often enough ;-)

[ Post a follow-up to this message ]

No worries Paul. Any and all responses are always appreciated.

[ Post a follow-up to this message ]