users@glassfish.java.net

LDAP authentication 403 Error Page

From: <glassfish_at_javadesktop.org>
Date: Thu, 15 May 2008 09:00:26 PDT

Hello, all,

I have a question regarding LDAP authentication with GlassFish. I have a web application running on my GlassFish V2 server that uses an LDAP directory to authenticate users. I'm facing a problem with users who are in the LDAP directory, but not in either of the authorized groups for the app.

If a user logs in with correct credentials, and they are in one of the two groups that are authorized to use the application, they are taken to a selection page, which is correct.

If a user logs in with incorrect credentials (i.e. a username that is not in the LDAP directory or an incorrect password), they are taken to an error page, specified with the <form-error-page> tag in the web.xml file, which is also correct.

However, if a user logs in with credentials that are in the LDAP directory, but not in either of the authorized groups, a 403 "Not Authorized" page is displayed instead of the error page. I believe this is happening because the login credentials are correct, and so the j_security_check function I am using determines that the login was successful. However, that user is still not authorized to view the welcome page in the app, so the server throws a 403 error instead.

Does anyone know if there's a way to force a GlassFish server to redirect all 403 errors to a specific error page, or failing that, some way I can at least present a more user-friendly error page than the 403? I can post code/config files as necessary. Thanks in advance!
[Message sent by forum member 'rphair' (rphair)]

http://forums.java.net/jive/thread.jspa?messageID=274608