put your response.setHeader("WWW-Authenticate","Basic realm=\"MySystem\""); insode your error page instead of authentification servlet. (I guess sendError() clear all headers)
Oliver Schoenwald a écrit : > Hello fellow tomcat users, > > I'm running Tomcat 5.5.4 with Apache 2.0.54 and mod_jk. > The system uses basic authentication to serve certain pages > for authenticated users. > > One of my users said that if he enters my system and is > being asked to authenticate via that popup-windows, he > sometimes hits the cancel-button of that popup-window. > After that he his shown a page that seems to be generated > from tomcat: > > > HTTP Status 401 - unauthorized > > ------------------------------------------------------------------------ > > *type* Status report > > *message* _unauthorized_ > > *description* _This request requires HTTP authentication (unauthorized)._ > > ------------------------------------------------------------------------ > > > Apache Tomcat/5.5.7 > > > The users said (and I concur) that this page is not only too technical, > but it doesn't contain any informations for users that have forgotten > their passwords or have to apply for their own account. > > Recently I tried out to set the <error-page> in web.xml for > response-code 401 > to show a certain page with infos about forgotten passwords and how to > apply for a new > account, but after I restarted the server noone was able to login any > longer. > Whenever someone tried to open one page that required authentication, > the defined error-page for error 401 was shown and no authentication > request > was passed to the client. > > Here some internas about my application: > > My web application is handling authentication internally, meaning I don't > use an authentication realm in web.xml. A central Controller-Servlet (the > one and only servlet of the whole web application, viva MVC) decides when > a certain request requires authentication. When the requires > credentials are > not already part of the request, the Controller-Servlet sends the > following > as response using the Servlet-API: > > response.setHeader("WWW-Authenticate","Basic realm=\"MySystem\""); > response.sendError(401,"unauthorized"); > > Note: response is the HttpServletResponse-Object. > > When no error-page for error 401 is defined in web.xml that works > properly. > > Here my questions: > Can I configure tomcat properly without changing its code to send another > authentication required-page instead of the defaut error-content? > > > Thank you in advance, > > Oliver Schönwald > Germany > > > > > > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]