tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Laffey <>
Subject www authentication FYI
Date Sun, 25 Feb 2001 18:28:55 GMT
This is an FYI for people devloping servlets/JSP for use under Tomcat and
JRun. Tomcat works fine when using the Sun recommended way of setting
www-authenticate headers using setHEader followed by sendError with an
UNAUTHORIZED code. JRun, on the other hand (sorry, don't know the version,
but it is running Servlet API 2.1) need you to call setHeader followed by
setStatus(int) with the UNAUTHORIZED code (401). If you call sendError
jRun will not send the www-authenticate header and you will not be
prompted for a password in IE. Netscape will prompt you for a password for
"unknown" instead of for the Realm specified in the header (because the
header is not sent).

I am sending this because I figure a lot of people are doing devlopment
under Tomcat, but their servlets may be deployed using other servlet

Joe Laffey
LAFFEY Computer Imaging
St. Louis, MO

View raw message