tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Manger, James H" <James.H.Man...@team.telstra.com>
Subject manager and host-manager have 401.jsp that is not used
Date Tue, 20 Sep 2011 07:31:50 GMT
The manager and host-manager apps included with Tomcat 7.0.21 are both:
* configured to use BASIC authentication; and
* configured with a custom error page for 401 (unauthenticated) error codes.
However, the customer error page is never used by Tomcat.

tomcat/webapps/[host-]manager/WEB-INF/web.xml has
...
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Tomcat Manager Application</realm-name>
  </login-config>
...
  <error-page>
    <error-code>401</error-code>
    <location>/WEB-INF/jsp/401.jsp</location>
  </error-page>  

The 401.jsp file has lots of useful information that would be helpful to display to a user
if they cancel their browser's BASIC login prompt.

A custom 401.jsp file worked with BASIC in Tomcat 5.5.23.

Is 401.jsp supposed to be used in the manager and host-manager apps?
Or is it a relic that should be removed?
Or is it kept for cases where a different style of authentication is configured that might
use 401.jsp?

I hope I can provide a custom message when a user cancels a BASIC login. The manager and host-manager
apps appear to try to do what I want. But they don't work.

--
James Manger



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message