Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 38697 invoked from network); 3 Jul 2007 22:22:23 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 3 Jul 2007 22:22:23 -0000 Received: (qmail 88509 invoked by uid 500); 3 Jul 2007 22:22:22 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 88283 invoked by uid 500); 3 Jul 2007 22:22:21 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 88272 invoked by uid 500); 3 Jul 2007 22:22:21 -0000 Delivered-To: apmail-jakarta-tomcat-dev@jakarta.apache.org Received: (qmail 88269 invoked by uid 99); 3 Jul 2007 22:22:21 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Jul 2007 15:22:21 -0700 X-ASF-Spam-Status: No, hits=-99.5 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Jul 2007 15:22:18 -0700 Received: by brutus.apache.org (Postfix, from userid 33) id D18827141F1; Tue, 3 Jul 2007 15:21:57 -0700 (PDT) From: bugzilla@apache.org To: tomcat-dev@jakarta.apache.org Subject: DO NOT REPLY [Bug 42409] - Extra response headers not sent when using custom error page In-Reply-To: X-Bugzilla-Reason: AssignedTo Message-Id: <20070703222157.D18827141F1@brutus.apache.org> Date: Tue, 3 Jul 2007 15:21:57 -0700 (PDT) X-Virus-Checked: Checked by ClamAV on apache.org DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=42409 knst.kolinko@gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |knst.kolinko@gmail.com ------- Additional Comments From knst.kolinko@gmail.com 2007-07-03 15:21 ------- Hi, I would like to add my use case on to the scales. We are using Acegi Security Library for Spring (http://acegisecurity.org/) to perform authentication and authorization tasks in our web application. In essence, it works as a filter, declared in web.xml, and preprocesses the web request. We are using Digest authentication as per RFC 2617, but you might consider using Basic authentication as well. When there is a need to request user credentials, the library ([1]) generates WWW-Authenticate header containing realm name, random nonce value, and other information, and calls httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED), and the rest of the response is generated by the tomcat error page. Now, if I configure my own dynamic or static page for error code 401, the authentication stops working, because the WWW-Authenticate header is lost from the response. Versions: - Tomcat: 5.5.23 - Acegi Security System for Spring: 1.0.4 The relevant Acegi Security source code is method "commence()" of class org.acegisecurity.ui.digestauth.DigestProcessingFilterEntryPoint, lines 104-105 and above ([1]) [1] http://svn.sourceforge.net/viewvc/acegisecurity/tags/release_1_0_4/core/src/main/java/org/acegisecurity/ui/digestauth/DigestProcessingFilterEntryPoint.java?revision=1881&view=markup -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org