tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: Configuring Tomcat 4.1.18 to handle 401 http errors
Date Tue, 25 Feb 2003 14:07:03 GMT

How about adding this to your web.xml:


Then do whatever you want in the servlet you map to the /my401ProcessingServlet url-pattern.

Yoav Shapira
Millennium ChemInformatics

>-----Original Message-----
>From: Oliver Schoenwald []
>Sent: Tuesday, February 25, 2003 4:18 AM
>To: Tomcat Users List
>Subject: Configuring Tomcat 4.1.18 to handle 401 http errors
>  Good morning!
>some days ago I already asked a question regarding this context, but I
>had some time to
>dive a bit into the Servlet API 2.3 Specification. So far, it seems that
>the specification states
>that the container, not the servlet, is the layer attached to the
>client. And the container,
>not the servlet, controls, which and how any http errors created by a
>servlet within the container
>are handled, mapped and sent back to the client.
>Some digging in the catalina source code retrieved that
>in "" there is a method finishResponse where the
>handling of
>every HTTP error >= 400 is hard-coded to be transformed into a simple,
>valid html-page with
>a plainly written error summary.
>However, we need the http error 401 to be send 'as is' to the client. It
>doesn't have to be directly,
>but the container should not catch this error and create an html page
>out of it.
>Does someone know how I can achieve this? Or has the Servlet API changed
>the communication
>protocol so far that this is just no longer possible without violating
>the standard?
>In that case, how SHOULD a servlet invalidate the current authentication
>so that the currently
>buffered authentication data (buffered by the client/browser) are no
>longer accepted and the browser
>is forced to ask the user again for authentication?
>Thank you in advance,
>Oliver Schönwald
>To unsubscribe, e-mail:
>For additional commands, e-mail:

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message