tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: manager and host-manager have 401.jsp that is not used
Date Tue, 20 Sep 2011 08:44:30 GMT
On 20/09/2011 08:31, Manger, James H wrote:
> The manager and host-manager apps included with Tomcat 7.0.21 are both:
> * configured to use BASIC authentication; and
> * configured with a custom error page for 401 (unauthenticated) error codes.
> However, the customer error page is never used by Tomcat.
> 
> tomcat/webapps/[host-]manager/WEB-INF/web.xml has
> ...
>   <login-config>
>     <auth-method>BASIC</auth-method>
>     <realm-name>Tomcat Manager Application</realm-name>
>   </login-config>
> ...
>   <error-page>
>     <error-code>401</error-code>
>     <location>/WEB-INF/jsp/401.jsp</location>
>   </error-page>  
> 
> The 401.jsp file has lots of useful information that would be helpful to display to a
user if they cancel their browser's BASIC login prompt.
> 
> A custom 401.jsp file worked with BASIC in Tomcat 5.5.23.
> 
> Is 401.jsp supposed to be used in the manager and host-manager apps?
> Or is it a relic that should be removed?
> Or is it kept for cases where a different style of authentication is configured that
might use 401.jsp?

http://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Currently the 4th entry for 7.0.22

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message