Metawerx Java Hosting Small Logo

<form-error-page>

Used in a <form-login-config> element to specify the relative URL for the login error page.

The user is redirected to this page after an unsuccessful login attempt.

Usually this page would contain an error message, and either a login form for more attempts, or a link back to the login page.

FORM-Based Authentication errors

  • In Servlets 2.3 compliant containers, the error page is sent with an HTTP status code of 401 (Unauthorized). Therefore, if a custom error page has been set for the application, behaviour is undefined (the login error page may be displayed, or the custom error page may be displayed). However, this was changed in 2.4.
  • In Servlets 2.4 compliant containers, the error page is sent with an HTTP status code of 200 (OK). The change was apparently made because there is no suitable HTTP status code. 401 is normally used authentication types where the browser itself is able to send authentication HTTP headers (ie: from a dialog box or certificate). This is suitable for BASIC or DIGEST style Authentication, or when using a client-side certificate. In a FORM-based authentication system however, the browser is not able to send any authentication of it's own, and is unaware that that the form being displayed contains authentication details.

See Also

navigation
metawerx specific
search
Share
tools
help

referring pages

Share