JAAS login with unauthorised user

StackOverflow https://stackoverflow.com/questions/16945054

  •  31-05-2022
  •  | 
  •  

Question

I've define two users: admin and user. now when I try to access admin pages using a no existing user, it send me back to the login page, so that's ok, But when I try to access admin pages using user's username and password, it send me to an error page and and if I try to access to the user page, It don't ask me to authenticate.

Was it helpful?

Solution

This is expected behavior. There are 2 phases when a user accesses a protected resource:

  1. Authentication – validating of a user credentials against a user repository
  2. Authorization – checking that a user has permissions to access a resource.

When the user authentication failed a server requires to perform the authentication once again. In the case for the Form Authentication a user see the login page once again. When the user authorization is failed a server shows authorization error page (generally it is HTTP 403 error). It is possible to customize the error page.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top