tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 42409] - Extra response headers not sent when using custom error page
Date Tue, 03 Jul 2007 22:21:57 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42409>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=42409


knst.kolinko@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |knst.kolinko@gmail.com




------- Additional Comments From knst.kolinko@gmail.com  2007-07-03 15:21 -------
Hi, I would like to add my use case on to the scales.

We are using Acegi Security Library for Spring (http://acegisecurity.org/) to
perform authentication and authorization tasks in our web application. In
essence, it works as a filter, declared in web.xml, and preprocesses the web
request. We are using Digest authentication as per RFC 2617, but you might
consider using Basic authentication as well.

When there is a need to request user credentials, the library ([1]) generates
WWW-Authenticate header containing realm name, random nonce value, and other
information, and calls
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED), and the rest of the
response is generated by the tomcat error page.

Now, if I configure my own dynamic or static page for error code 401, the
authentication stops working, because the WWW-Authenticate header is lost from
the response.


Versions:
 - Tomcat: 5.5.23
 - Acegi Security System for Spring: 1.0.4

The relevant Acegi Security source code is method "commence()" of class
org.acegisecurity.ui.digestauth.DigestProcessingFilterEntryPoint, lines 104-105
and above ([1])


 [1]
http://svn.sourceforge.net/viewvc/acegisecurity/tags/release_1_0_4/core/src/main/java/org/acegisecurity/ui/digestauth/DigestProcessingFilterEntryPoint.java?revision=1881&view=markup

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message