I have two different security constraints in my web app deployed on Apache tomcat

Question

0

Asked: June 4, 20262026-06-04T23:26:51+00:00 2026-06-04T23:26:51+00:00

I have two different security constraints in my web app deployed on Apache tomcat

0

I have two different security constraints in my web app deployed on Apache tomcat 6. And tomcat is handling different authentication scenarios for my website.

My Problem:
E.g. page1 is accessible to only user1 and page2 is only accessible to user2. This is working fine.

The problem is if user1 is logged in, and he accesses page2 (which is not accessible to user1) then access denied error is presented to him instead of allowing him to login as different user. Authentication challenge should be presented if logged in user is

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-04T23:26:53+00:00

Editorial Team

2026-06-04T23:26:53+00:00Added an answer on June 4, 2026 at 11:26 pm

This behavior is mandated by the servlet specification. As suggested by @Rob, you should present your users with some options for dealing with the “unauthorized” condition: for example, logging-out and trying to access the resource again (which will ask for new credentials).

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have two different security constraints in my web app deployed on Apache tomcat

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply