Configure Tomcat 6 so that users that do not have the correct role receive a custom error page

I am running Tomcat 6 with a form protected webapp that authenticates correctly with a Windows LDAP server. I am having an odd behavior:

• If UserA is a member of the correct group and logs in with the correct password, everything is okay
• If UserA is a member of the correct group and tries to log in with the wrong password, the user is redirected to the specified error page
• If UserB who is not a member of the correct group (and does not have the correct role) logs in with a bad password, the user is redirected to the specified error page
• If UserB who is not a member of the correct group (and does not have the correct role) logs in with their correct LDAP password, they are bounced back to the log in page and never get the error page

Is there a way to adjust Tomcat to direct people who have the right LDAP authentication but the wrong role to a custom error page?

This a snipit from my web.xml

 <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
     <form-login-page>/auth/logon.html</form-login-page>
     <form-error-page>/auth/logonError.html</form-error-page&开发者_运维技巧gt;
  </form-login-config>
 </login-config>

Yeah, you can do it redirecting HTTP 403 error in the web.xml file:

<error-page>
    <error-code>403</error-code>
    <location>/error.jsp</location>
</error-page>

Note that a bad login is a different thing that insufficient permissions.