In the last phase of the authentication process, Access Manager either grants or denies access to the user. If access is granted, Access Manager uses a login URL to display a page in the browser. If access is denied, Access Manager uses a redirection URL to display an alternate page in the browser. A typical alternate page contains a brief message indicating the user has been denied access.
Each authentication type (realm-based, role-based, and so forth) uses a login URL or redirection URL based on a specific order of precedence, and on whether the authentication succeeded or failed. For a detailed description of how Access Manager proceeds through the order of precedence, see Authentication Types in Sun Java System Access Manager 7.1 Administration Guide.