Hello fellow Tomcat users. I am trying to set up a very simple web app that has only static html pages. I want it to use BASIC authorization for just a few users. Simple stuff, right? I added the user and role that I wanted in the tomcat-users.xml file, and then I put this in the web.xml file for the application (which happens to be the ROOT application):
<web-app> <error-page> <error-code>404</error-code> <location>/errors/404.html</location> </error-page> <error-page> <error-code>401</error-code> <location>/errors/401.html</location> </error-page> <security-constraint> <web-resource-collection> <web-resource-name>PrivateStuff</web-resource-name> <url-pattern>/private/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>PrivateUsers</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Private</realm-name> </login-config> </web-app> I have a /index.html file which has a link to /PrivateStuff. The user clicks the link and should be prompted for a username and password, right? Wrong! It goes immediately to the not authorized page in /errors/401.html. If I take the two error-page sections out of web.xml, then everything works correctly, but I get the Tomcat default error pages for file not found and auth error. Showing default server error pages looks quite unprofessional, so I want to not do this. Any sugestions? Thanks! Btw, is there any company which sells commercial support for Tomcat? -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
