Hello, all,
I have a question regarding LDAP authentication with GlassFish. I have a web application running on my GlassFish V2 server that uses an LDAP directory to authenticate users. I'm facing a problem with users who are in the LDAP directory, but not in either of the authorized groups for the app.
If a user logs in with correct credentials, and they are in one of the two groups that are authorized to use the application, they are taken to a selection page, which is correct.
If a user logs in with incorrect credentials (i.e. a username that is not in the LDAP directory or an incorrect password), they are taken to an error page, specified with the <form-error-page> tag in the web.xml file, which is also correct.
However, if a user logs in with credentials that are in the LDAP directory, but not in either of the authorized groups, a 403 "Not Authorized" page is displayed instead of the error page. I believe this is happening because the login credentials are correct, and so the j_security_check function I am using determines that the login was successful. However, that user is still not authorized to view the welcome page in the app, so the server throws a 403 error instead.
Does anyone know if there's a way to force a GlassFish server to redirect all 403 errors to a specific error page, or failing that, some way I can at least present a more user-friendly error page than the 403? I can post code/config files as necessary. Thanks in advance!
[Message sent by forum member 'rphair' (rphair)]
http://forums.java.net/jive/thread.jspa?messageID=274608
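
The situation described in the post above, as an added example that is not part of the original post: a Servlet 2.5 web.xml in which a failed login goes to the <form-error-page>, while an authenticated user who lacks the required role gets a 403 that the standard <error-page> element maps to a page of the application's choosing. The role names, realm name, URL pattern and page paths are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustration. groupA/groupB, ldapRealm, /app/* and the JSP paths
     are hypothetical names, not taken from the poster's application. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- Authorization: only these two roles may reach the protected pages. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected-app</web-resource-name>
      <url-pattern>/app/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>groupA</role-name>
      <role-name>groupB</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>groupA</role-name></security-role>
  <security-role><role-name>groupB</role-name></security-role>

  <!-- Authentication: j_security_check sends bad credentials here. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ldapRealm</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Valid credentials but no matching role: the container answers 403.
       The mapped page sits outside /app/* so that serving it is not
       itself blocked by the security constraint. -->
  <error-page>
    <error-code>403</error-code>
    <location>/notAuthorized.jsp</location>
  </error-page>
</web-app>
```

The two failure paths stay distinct in this layout: /loginError.jsp is reached only when authentication fails, and /notAuthorized.jsp only when an authenticated session fails the role check.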