tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Manger, James H" <>
Subject RE: manager and host-manager have 401.jsp that is not used
Date Wed, 21 Sep 2011 00:03:15 GMT
>On 20/09/2011 08:31, Manger, James H wrote:
>> The manager and host-manager apps included with Tomcat 7.0.21 are both:
>> * configured to use BASIC authentication; and
>> * configured with a custom error page for 401 (unauthenticated) error codes.
>> However, the customer error page is never used by Tomcat.
>> The 401.jsp file has lots of useful information that would be helpful to display
to a user if they cancel their browser's BASIC login prompt.

> Currently the 4th entry for 7.0.22
> Mark

I confirmed 401.jsp is being used properly in 7.0.20.

I couldn't find any release schedule for 7.0.22 (with the fix) at the Tomcat web site. Are
tentative release dates listed anywhere? Tomcat releases appear to be frequent enough (about
monthly, thanks!!) that a date for the next release is not too crucial, but it would be nice
to have an estimate now that I know it includes a fix I want.

P.S. Thanks for making it unnecessary to include the following line in 401.jsp:
  response.setHeader("WWW-Authenticate", "Basic ...");
It was removed from 401.jsp in March 2011 (revision 1084109).
I am not sure which change made it unnecessary (and if the change includes the 5.x and/or
6.x branches).

James Manger

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message