tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johann Uhrmann <>
Subject Send code 401 instead of 403
Date Fri, 25 Oct 2002 12:06:38 GMT

when using basic authentication with tomcat, tomcat sends a 401 response
code if the user is accessing the page for the first time.

This makes the browser show a login window and retry the request with
the username/password provided by the user.

However, if there is already a username and password in the request,
then tomcat answers with a 403 code which does not result in a login

Unfortunately, if the user makes a typo when he/she tries to log in
there is no chance to make another try except restarting the web

Does tomcat provide any mechanism to make it return 401 instead of 403?
(except the hack of specifying a user based 403 jsp and make it return



To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message