Hello David, this solved my problem! Now my site works as wanted.
Thank you very very much, Oliver Schoenwald Germany David Delbecq schrieb:
put your response.setHeader("WWW-Authenticate","Basic realm=\"MySystem\""); insode your error page instead of authentification servlet. (I guess sendError() clear all headers) Oliver Schoenwald a écrit :Hello fellow tomcat users, I'm running Tomcat 5.5.4 with Apache 2.0.54 and mod_jk. The system uses basic authentication to serve certain pages for authenticated users. One of my users said that if he enters my system and is being asked to authenticate via that popup-windows, he sometimes hits the cancel-button of that popup-window. After that he his shown a page that seems to be generated from tomcat: HTTP Status 401 - unauthorized ------------------------------------------------------------------------ *type* Status report *message* _unauthorized_ *description* _This request requires HTTP authentication (unauthorized)._ ------------------------------------------------------------------------ Apache Tomcat/5.5.7 The users said (and I concur) that this page is not only too technical, but it doesn't contain any informations for users that have forgotten their passwords or have to apply for their own account. Recently I tried out to set the <error-page> in web.xml for response-code 401 to show a certain page with infos about forgotten passwords and how to apply for a new account, but after I restarted the server noone was able to login any longer. Whenever someone tried to open one page that required authentication, the defined error-page for error 401 was shown and no authentication request was passed to the client. Here some internas about my application: My web application is handling authentication internally, meaning I don't use an authentication realm in web.xml. A central Controller-Servlet (the one and only servlet of the whole web application, viva MVC) decides when a certain request requires authentication. When the requires credentials are not already part of the request, the Controller-Servlet sends the following as response using the Servlet-API: response.setHeader("WWW-Authenticate","Basic realm=\"MySystem\""); response.sendError(401,"unauthorized"); Note: response is the HttpServletResponse-Object. When no error-page for error 401 is defined in web.xml that works properly. Here my questions: Can I configure tomcat properly without changing its code to send another authentication required-page instead of the defaut error-content? Thank you in advance, Oliver Schönwald Germany--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
