User without access to mapped resources in Security-role of web.xml

8

What is the behavior of the security-role in web.xml when the user is not allowed access to project resources?

Is the WebLogic default to return a 404?

Is this status configurable?

Is it possible, when security identifies that the user does not have permission to access the resource, to perform a redirect to another page?

    
asked by anonymous 24.08.2017 / 16:46

1 answer

2

Application servers return 401 (Not Authenticated) when the user is not authenticated and redirect to the authentication page if it is configured in web.xml.

When the user does not have the required role for the resource, return code 403 (Forbidden) is returned.

If you want to customize the return code, or the page to be displayed, you will have to treat this programmatically.

boolean HttpServletRequest.isUserInRole(String role)

The HttpServletRequest object can be queried. From the reply you can decide which return code or page will be displayed.

    
26.10.2017 / 05:53
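
The programmatic check described in the answer, written as a servlet filter. This is an added example, not part of the original answer; the role name `manager`, the page `/access-denied.jsp` and the class name `RoleCheckFilter` are assumptions, and the `javax.servlet` API is assumed.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: enforces a role in code so the application chooses the response.
public class RoleCheckFilter implements Filter {
    private static final String REQUIRED_ROLE = "manager";          // assumed role name
    private static final String DENIED_PAGE = "/access-denied.jsp"; // assumed page

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // No authenticated principal: fail closed with 401 and stop the chain.
        if (request.getUserPrincipal() == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Authenticated but missing the role: redirect to a fixed,
        // context-relative page (never a target taken from the request).
        // To return a status instead, use:
        // response.sendError(HttpServletResponse.SC_FORBIDDEN);
        if (!request.isUserInRole(REQUIRED_ROLE)) {
            response.sendRedirect(request.getContextPath() + DENIED_PAGE);
            return;
        }
        // Role present: let the request continue to the protected resource.
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

The container evaluates the declarative security-constraint before any filter runs, so the constraint on these URLs should require authentication only and leave the role decision to the filter. Keep the denied page outside the filter's URL mapping, otherwise the redirect loops.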