On Aug 28, 2012, at 6:20 PM, Markus Eisele wrote:
> Hi,
>
> thanks for the response.
>>
>> >The SAM is triggered whenever a protected URL is accessed. And it is not clear why that is not sufficient for your case ?.
>>
>> ok. That is fine. So, the _standard_ url isn't needed at all and I can use whatever I want as long as I post to a protected URL.
>>
>>
>> > With the SAM you need to control the response. Firstly you should not use FAILURE since that is for the Client Side SAM.
>>
>> >Also the spec says the following (so my question to you is did you set a Failure Response Message to be sent to the client or not ?)
>
>>
>> Again, fine. I missed that. That is probably the problem with too trivial examples :)
>> I added the response status and s.setStatus(HttpServletResponse.SC_FORBIDDEN); response message
>> messageInfo.setResponseMessage(s);
>>
>> But I still don't get the configured 403 error page .. not even the GlassFish standard 403 but only a browser message.
>> Is there more magic I should know about? Or spec I haven't read? ;)
Not sure if you have hit a bug then ?. Which version of GlassFish are you testing with ?. Are you saying whatever response message you set was lost ?.
>>
>>
>> >you could set a cookie in the response.
>>
>> Hmm..
>>
>> Thanks!
>> - M
>