tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Delbecq <de...@oma.be>
Subject Re: Changing content of response on canceled basic authentication
Date Thu, 23 Feb 2006 13:02:21 GMT
put your response.setHeader("WWW-Authenticate","Basic
realm=\"MySystem\""); insode your error page instead of authentification
servlet. (I guess sendError() clear all headers)



Oliver Schoenwald a écrit :

> Hello fellow tomcat users,
>
> I'm running Tomcat 5.5.4 with Apache 2.0.54 and mod_jk.
> The system uses basic authentication to serve certain pages
> for authenticated users.
>
> One of my users said that if he enters my system and is
> being asked to authenticate via that popup-windows, he
> sometimes hits the cancel-button of that popup-window.
> After that he his shown a page that seems to be generated
> from tomcat:
>
>
>  HTTP Status 401 - unauthorized
>
> ------------------------------------------------------------------------
>
> *type* Status report
>
> *message* _unauthorized_
>
> *description* _This request requires HTTP authentication (unauthorized)._
>
> ------------------------------------------------------------------------
>
>
>      Apache Tomcat/5.5.7
>
>
> The users said (and I concur) that this page is not only too technical,
> but it doesn't contain any informations for users that have forgotten
> their passwords or have to apply for their own account.
>
> Recently I tried out to set the <error-page> in web.xml for
> response-code 401
> to show a certain page with infos about forgotten passwords and how to
> apply for a new
> account, but after I restarted the server noone was able to login any
> longer.
> Whenever someone tried to open one page that required authentication,
> the defined error-page for error 401 was shown and no authentication
> request
> was passed to the client.
>
> Here some internas about my application:
>
> My web application is handling authentication internally, meaning I don't
> use an authentication realm in web.xml. A central Controller-Servlet (the
> one and only servlet of the whole web application, viva MVC) decides when
> a certain request requires authentication. When the requires
> credentials are
> not already part of the request, the Controller-Servlet sends the
> following
> as response using the Servlet-API:
>
> response.setHeader("WWW-Authenticate","Basic realm=\"MySystem\"");
> response.sendError(401,"unauthorized");
>
> Note: response is the HttpServletResponse-Object.
>
> When no error-page for error 401 is defined in web.xml that works
> properly.
>
> Here my questions:
> Can I configure tomcat properly without changing its code to send another
> authentication required-page instead of the defaut error-content?
>
>
> Thank you in advance,
>
> Oliver Schönwald
> Germany
>
>
>
>
>
>
>
>
>
>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message