tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Schoenwald <oliver.schoenw...@FernUni-Hagen.de>
Subject Re: Changing content of response on canceled basic authentication
Date Fri, 24 Feb 2006 09:33:49 GMT
Hello David,

this solved my problem! Now my site works as wanted.

Thank you very very much,

Oliver Schoenwald
Germany

David Delbecq schrieb:

>put your response.setHeader("WWW-Authenticate","Basic
>realm=\"MySystem\""); insode your error page instead of authentification
>servlet. (I guess sendError() clear all headers)
>
>
>
>Oliver Schoenwald a écrit :
>
>  
>
>>Hello fellow tomcat users,
>>
>>I'm running Tomcat 5.5.4 with Apache 2.0.54 and mod_jk.
>>The system uses basic authentication to serve certain pages
>>for authenticated users.
>>
>>One of my users said that if he enters my system and is
>>being asked to authenticate via that popup-windows, he
>>sometimes hits the cancel-button of that popup-window.
>>After that he his shown a page that seems to be generated
>>from tomcat:
>>
>>
>> HTTP Status 401 - unauthorized
>>
>>------------------------------------------------------------------------
>>
>>*type* Status report
>>
>>*message* _unauthorized_
>>
>>*description* _This request requires HTTP authentication (unauthorized)._
>>
>>------------------------------------------------------------------------
>>
>>
>>     Apache Tomcat/5.5.7
>>
>>
>>The users said (and I concur) that this page is not only too technical,
>>but it doesn't contain any informations for users that have forgotten
>>their passwords or have to apply for their own account.
>>
>>Recently I tried out to set the <error-page> in web.xml for
>>response-code 401
>>to show a certain page with infos about forgotten passwords and how to
>>apply for a new
>>account, but after I restarted the server noone was able to login any
>>longer.
>>Whenever someone tried to open one page that required authentication,
>>the defined error-page for error 401 was shown and no authentication
>>request
>>was passed to the client.
>>
>>Here some internas about my application:
>>
>>My web application is handling authentication internally, meaning I don't
>>use an authentication realm in web.xml. A central Controller-Servlet (the
>>one and only servlet of the whole web application, viva MVC) decides when
>>a certain request requires authentication. When the requires
>>credentials are
>>not already part of the request, the Controller-Servlet sends the
>>following
>>as response using the Servlet-API:
>>
>>response.setHeader("WWW-Authenticate","Basic realm=\"MySystem\"");
>>response.sendError(401,"unauthorized");
>>
>>Note: response is the HttpServletResponse-Object.
>>
>>When no error-page for error 401 is defined in web.xml that works
>>properly.
>>
>>Here my questions:
>>Can I configure tomcat properly without changing its code to send another
>>authentication required-page instead of the defaut error-content?
>>
>>
>>Thank you in advance,
>>
>>Oliver Schönwald
>>Germany
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>    
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message