Hi,
thanks for the response.
>The SAM is triggered whenever a protected URL is accessed. And it is not
clear why that is not sufficient for your case ?.
ok. That is fine. So, the _standard_ url isn't needed at all and I can use
whatever I want as long as I post to a protected URL.
> With the SAM you need to control the response. Firstly you should not use
FAILURE since that is for the Client Side SAM.
>Also the spec says the following (so my question to you is did you set a
Failure Response Message to be sent to the client or not ?)
Again, fine. I missed that. That is probably the problem with too trivial
examples :)
I added the response status and
s.setStatus(HttpServletResponse.SC_FORBIDDEN); response message
messageInfo.setResponseMessage(s);
But I still don't get the configured 403 error page .. not even the
GlassFish standard 403 but only a browser message.
Is there more magic I should know about? Or spec I haven't read? ;)
>you could set a cookie in the response.
Hmm..
Thanks!
- M