Tomcat CMS, FBA and authorization
I've been implementing Form Based Authentication in a Web App hosted using Tomcat and have encountered a problem when a user is authenticated, but not authorized. When a user is not authorized for a page I want to be able to distinguish between two cases:
1) the user was already authenticated and should be told that the page isn't available, but not logged out and sent back to their previous page.
2) the user was only authenticated as they attempted to access this page and should be logged out and given an opportunity to log in with a different user name that has sufficient access.
Is there any way to tell if this user was just authenticated for this page, or how many pages the session has accessed, or what page triggered the authentication request, or anything else that would allow me to distinguish between these cases?
Thanks, and there are dukes for useful answers.