some days ago I already asked a question regarding this context, but I had some time to
dive a bit into the Servlet API 2.3 Specification. So far, it seems that the specification states
that the container, not the servlet, is the layer attached to the client. And the container,
not the servlet, controls, which and how any http errors created by a servlet within the container
are handled, mapped and sent back to the client.
Some digging in the catalina source code retrieved that
in "HttpResponseBase.java" there is a method finishResponse where the handling of
every HTTP error >= 400 is hard-coded to be transformed into a simple, valid html-page with
a plainly written error summary.
However, we need the http error 401 to be send 'as is' to the client. It doesn't have to be directly,
but the container should not catch this error and create an html page out of it.
Does someone know how I can achieve this? Or has the Servlet API changed the communication
protocol so far that this is just no longer possible without violating the standard?
In that case, how SHOULD a servlet invalidate the current authentication so that the currently
buffered authentication data (buffered by the client/browser) are no longer accepted and the browser
is forced to ask the user again for authentication?
Thank you in advance,
Oliver Schönwald
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
