In the last phase of the authentication process, Access Manager either grants or denies access to the user. If access is granted, Access Manager uses a login URL to display a login page in the browser. If access is denied, Access Manager uses a redirection URL to display an alternate page in the browser. A typical alternate page contains a brief message indicating the user has been denied access.
Each authentication type uses a login URL or redirection URL depending on a specific order of precedence. The order of precedence is based on the authentication type used (realm-based, role-based, and so forth), and on whether authentication succeeded or failed. For a detailed description of how Access Manager proceeds through the order of precedence, see Chapter 7, Managing Authentication, in Sun Java System Access Manager 7 2005Q4 Administration Guide.