Problem with jboss login

 
Greenhorn
Posts: 24
Hi,
I have two roles for which I have two different security constraints configured. I am using the JBoss DatabaseServerLoginModule with form-based authentication.
If I give completely wrong credentials, then the error page is shown properly.
But if I ask for a page which role1 is authorised to see and I give the login credentials of role2, then instead of showing the error page it shows me an HTTP 403 Forbidden error, though I have configured error.jsp in login-config.
Please help me understand why this is happening.
 
Greenhorn
Posts: 23
You need a Welcome page in your descriptor that the user has access to on authentication ...

<welcome-file-list>
<welcome-file>members.jsp</welcome-file>
</welcome-file-list>
 
Tejas Gokhale
Greenhorn
Posts: 24
I have actually added the welcome page. But even then the error is coming. Please help.
Following is the descriptor.

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
  PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
  <!-- It's required that display name be as specified -->

  <display-name>PartnerPortal</display-name>

  <!-- Action Servlet Configuration -->
  <servlet>
    <servlet-name>action</servlet-name>
    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
    <init-param>
      <param-name>config</param-name>
      <param-value>/WEB-INF/struts-config.xml</param-value>
    </init-param>

    <load-on-startup>1</load-on-startup>
  </servlet>

  <!-- Action Servlet Mapping -->
  <servlet-mapping>
    <servlet-name>action</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>

  <!-- Session time out set to 30 min. -->
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>

  <!-- Welcome file list -->
  <welcome-file-list>
    <welcome-file>/web/jsp/login/login.jsp</welcome-file>
  </welcome-file-list>

  <!-- ******************************************************************* -->
  <!-- ***** taglibs ***************************************************** -->
  <!-- ******************************************************************* -->
  <taglib>
    <taglib-uri>/WEB-INF/lib/struts-html.tld</taglib-uri>
    <taglib-location>/WEB-INF/lib/struts-html.tld</taglib-location>
  </taglib>

  <taglib>
    <taglib-uri>/WEB-INF/lib/struts-bean.tld</taglib-uri>
    <taglib-location>/WEB-INF/lib/struts-bean.tld</taglib-location>
  </taglib>

  <taglib>
    <taglib-uri>/WEB-INF/lib/struts-logic.tld</taglib-uri>
    <taglib-location>/WEB-INF/lib/struts-logic.tld</taglib-location>
  </taglib>

  <!-- #################################################### -->
  <!-- Added by sunil for jboss login module implementation -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>adminresource</web-resource-name>
      <description>An example security config that only allows users with the
        role JBossAdmin to access the HTML JMX console web application
      </description>
      <url-pattern>/adminmenu.do</url-pattern>
      <url-pattern>/web/jsp/change_password.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reselleruserresource</web-resource-name>
      <description>An example security config that only allows users with the
        role JBossAdmin to access the HTML JMX console web application
      </description>
      <url-pattern>/resellerSetup.do</url-pattern>
      <url-pattern>/resellerProduct.do</url-pattern>
      <url-pattern>/adsl.do</url-pattern>
      <url-pattern>/pstn.do</url-pattern>
      <url-pattern>/isdn.do</url-pattern>
      <url-pattern>/llvpn.do</url-pattern>
      <url-pattern>/llvpnpp.do</url-pattern>
      <url-pattern>/lesvpn.do</url-pattern>
      <url-pattern>/lespp.do</url-pattern>
      <url-pattern>/sdsl.do</url-pattern>

      <url-pattern>/web/jsp/reseller_user/JBossStartGuide.pdf</url-pattern>
      <url-pattern>/web/jsp/change_password.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>reselleruser</role-name>
    </auth-constraint>

  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>login</web-resource-name>
      <description>An example security config that only allows users with the
        role JBossAdmin to access the HTML JMX console web application
      </description>
      <url-pattern>/forgotpassword.*</url-pattern>
      <url-pattern>/home.do</url-pattern>
      <url-pattern>/disclaimer.do</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>

  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/web/jsp/login/login.jsp</form-login-page>
      <form-error-page>/web/jsp/login/loginerror.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>admin</role-name>
  </security-role>
  <security-role>
    <role-name>reselleruser</role-name>
  </security-role>

  <!-- End of Addition by sunil for jboss login module implementation -->
  <!-- $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ -->

</web-app>
 
Ranch Hand
Posts: 85
The welcome file list configuration has nothing to do with getting the status code 403 Forbidden. Both users in role1 and role2 are authenticated to the web app if they log in with the correct username and password. The login error page is only displayed when a login fails.

The reason the user in role2 is getting a 403 error (different from a login error) is that only users in role1 are authorized to access that resource.

Hope this helps.

Regards,
 
Tejas Gokhale
Greenhorn
Posts: 24
All that is absolutely correct. But my problem is: why is it showing that ugly error on screen when I have configured loginerror.jsp in the login-config tags?
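
The two failure paths discussed in this thread, shown as a descriptor fragment. This is an added example, not part of any post above: `form-error-page` covers failed authentication only, while a 403 from a failed role check is mapped with a standard `error-page` element. The location `/web/jsp/login/accessdenied.jsp` is a hypothetical page name.

```xml
<!-- Added example: fragment based on the web.xml posted above.
     accessdenied.jsp is a hypothetical page, not one from the thread. -->

<!-- In the Servlet 2.3 DTD, error-page elements come after
     welcome-file-list and before taglib. -->
<welcome-file-list>
  <welcome-file>/web/jsp/login/login.jsp</welcome-file>
</welcome-file-list>

<!-- Authorization failure: the user logged in with valid credentials
     but holds none of the roles in the matching auth-constraint.
     The container answers 403; this entry maps that status to a page
     instead of the container's default error output. -->
<error-page>
  <error-code>403</error-code>
  <location>/web/jsp/login/accessdenied.jsp</location>
</error-page>

<!-- taglib and security-constraint elements unchanged -->

<!-- Authentication failure only: form-error-page is shown when
     j_security_check rejects the submitted username/password.
     It is not consulted for a 403. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/web/jsp/login/login.jsp</form-login-page>
    <form-error-page>/web/jsp/login/loginerror.jsp</form-error-page>
  </form-login-config>
</login-config>
```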
 