You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jill Han <ji...@alverno.edu> on 2009/04/23 17:09:44 UTC
customize HTTP Status 401 error page
If using Basic authentication, the unsuccessful login, or just click "Cancel" button will trigger the 401 page.
My question is
1. is there a way to customize "cancel" action? So there will be no error message prompted.
2. Is there a way to customize tomcat HTTP Status 401 error message to a more user meaningful one?
Thanks,
Jill
RE: customize HTTP Status 401 error page
Posted by Jill Han <ji...@alverno.edu>.
The correct tag should be
<error-page>
<error-code>401</error-code>
<location>/error401.jsp</location>
</error-page>
Thanks,
-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Thursday, April 23, 2009 10:18 AM
To: Tomcat Users List
Subject: Re: customize HTTP Status 401 error page
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jill,
You've hijacked your own thread. :(
On 4/23/2009 11:09 AM, Jill Han wrote:
> If using Basic authentication, the unsuccessful login, or just click
> "Cancel" button will trigger the 401 page.
<
> My question is
> 1. is there a way to customize "cancel" action? So there will be no error message prompted.
No.
> 2. Is there a way to customize tomcat HTTP Status 401 error message
> to a more user meaningful one?
Yes. See the section of web.xml that has <error-page> entries.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAknwhqwACgkQ9CaO5/Lv0PDMlwCfaUP6+zxHQPeY2aTAfnNg2vPs
CGsAn1VpRpeMpCps63lgXkS8nGS1FA61
=6j3U
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: customize HTTP Status 401 error page
Posted by André Warnier <aw...@ice-sa.com>.
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Chuck,
>
> On 4/24/2009 11:35 AM, Caldarale, Charles R wrote:
>> I'm not sure what you're trying to accomplish by defining an error
>> page for a 401 status; my understanding is that a 401 just triggers
>> the login dialog for the browser - there's no HTML or other data to
>> display with the status.
>
> If the client aborts (such as too many attempts or user chooses "cancel"
> instead of submitting credentials), the 401 page will be displayed, so
> there is some utility in defining a page for this status if HTTP Auth
> will be used.
>
Let's nitpick here.
If you're using IE, you may define 401 pages all you want, it's going to
show its own anyway.
;-)
(ok, unless you think of making your 401 page larger than 1024 bytes or
so, and probably also turn off its "friendly error messages" option).
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: customize HTTP Status 401 error page
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chuck,
On 4/24/2009 11:35 AM, Caldarale, Charles R wrote:
> I'm not sure what you're trying to accomplish by defining an error
> page for a 401 status; my understanding is that a 401 just triggers
> the login dialog for the browser - there's no HTML or other data to
> display with the status.
If the client aborts (such as too many attempts or user chooses "cancel"
instead of submitting credentials), the 401 page will be displayed, so
there is some utility in defining a page for this status if HTTP Auth
will be used.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkn1wYgACgkQ9CaO5/Lv0PBYcgCfXtuc8344m3cBkQYQDxqq+TTK
86oAn0+LZoOvruSeLFj2DG6C9/+UO8zD
=VJ/C
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: customize HTTP Status 401 error page
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Jill Han [mailto:jill.han@alverno.edu]
> Subject: RE: customize HTTP Status 401 error page
There is at least one thing wrong with your web.xml:
> <url-pattern>*</url-pattern>
That's not a valid URL pattern; perhaps you meant "/*".
I'm not sure what you're trying to accomplish by defining an error page for a 401 status; my understanding is that a 401 just triggers the login dialog for the browser - there's no HTML or other data to display with the status. Customizing a 403 would be meaningful.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: customize HTTP Status 401 error page
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Martin Gainty [mailto:mgainty@hotmail.com]
> Subject: RE: customize HTTP Status 401 error page
>
> what happens when you supply the webapplication name to
> <url-pattern> and restart TC?
That would violate the servlet spec. The webapp name *never* appears in web.xml, other than perhaps as documenation.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: customize HTTP Status 401 error page
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jill,
On 4/24/2009 10:55 AM, Jill Han wrote:
> At this point, I just explored the options between basic and form-based authentication.
> No real webapp is build yet. The displayed name is just directory name, app1, under webapps.
I think it would be helpful if you were to post your entire web.xml
file. Also, are you using Tomcat all by itself, or are you using Apache
httpd or some other web server out in front? That could be complicating
things. If you /are/ using httpd, please post the configuration you use
to connect the two.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkn1wGgACgkQ9CaO5/Lv0PDbGwCfQJSNGaw0tzr/4ZGwxRnZwlBJ
cOYAmwQ8SB0MwNfOWGRsD0+SUzEJ+owH
=f2OE
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: customize HTTP Status 401 error page
Posted by Jill Han <ji...@alverno.edu>.
At this point, I just explored the options between basic and form-based authentication.
No real webapp is build yet. The displayed name is just directory name, app1, under webapps.
As I stated before, if it is run on window, http://localhost:8080/app1, there will be no authentication window prompted, instead error.html; even after I restarted the TC, and put http://localhost:8080/app1 in the address bar.
If it is run on Linux, http://serverName:8080/app1, authentication window is prompted, but error.html will not replace 401 message when authentication failed.
If I choose to use form-based authentication, there will be other issues as I stated in the previous email about form-based authentication.
Right now, I am not quite sure which route.
Jill
-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Friday, April 24, 2009 9:23 AM
To: Tomcat Users List
Subject: Re: customize HTTP Status 401 error page
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jill,
On 4/24/2009 9:04 AM, Jill Han wrote:
> The display-name is Faculty Resources. If I supply this name to the
> url, http://localhost:8080/Faculty Resources, it will generate 404
> error.
I think you may be very confused about a lot of things. The
<display-name> element basically just names the webapp so that if you
are using a tool to browse webapps (like LambdaProbe or others) that's
the name that gets displayed.
It has nothing to do with deployment, and certainly won't respond to a
request in any meaningful way.
Do you have a resource defined for "Faculty Resources"? I suspect not.
What is the name of your webapp? That's either the name of the WAR file
or the name of the context XML file (without the .xml extension) you put
into conf/[engine]/[host]/myContextName.xml.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAknxyzoACgkQ9CaO5/Lv0PBOPwCePKi5y7Hw96zrN0bMQ96utxE3
ePcAn20+xPa694Plp1+bZXyOntHGS57d
=L0NA
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: customize HTTP Status 401 error page
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jill,
On 4/24/2009 9:04 AM, Jill Han wrote:
> The display-name is Faculty Resources. If I supply this name to the
> url, http://localhost:8080/Faculty Resources, it will generate 404
> error.
I think you may be very confused about a lot of things. The
<display-name> element basically just names the webapp so that if you
are using a tool to browse webapps (like LambdaProbe or others) that's
the name that gets displayed.
It has nothing to do with deployment, and certainly won't respond to a
request in any meaningful way.
Do you have a resource defined for "Faculty Resources"? I suspect not.
What is the name of your webapp? That's either the name of the WAR file
or the name of the context XML file (without the .xml extension) you put
into conf/[engine]/[host]/myContextName.xml.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAknxyzoACgkQ9CaO5/Lv0PBOPwCePKi5y7Hw96zrN0bMQ96utxE3
ePcAn20+xPa694Plp1+bZXyOntHGS57d
=L0NA
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: customize HTTP Status 401 error page
Posted by Jill Han <ji...@alverno.edu>.
The display-name is Faculty Resources.
If I supply this name to the url, http://localhost:8080/Faculty Resources, it will generate 404 error.
-----Original Message-----
From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Thursday, April 23, 2009 4:08 PM
To: Tomcat Users List
Subject: RE: customize HTTP Status 401 error page
X-HOSTLOC: alverno.edu/10.0.60.10
the url-pattern is usually the contextPath such as
http://host:port + ContextPath is compared to the <url-pattern>
http://edocs.bea.com/wls/docs61/webapp/web_xml.html
what is the webapplication name?
what happens when you supply the webapplication name to <url-pattern>
and restart TC?
Martin
______________________________________________
Disclaimer and Confidentiality/Verzicht und Vertraulichkeitanmerkung / Note de déni et de confidentialité
This message is confidential. If you should not be the intended receiver, then we ask politely to report. Each unauthorized forwarding or manufacturing of a copy is inadmissible. This message serves only for the exchange of information and has no legal binding effect. Due to the easy manipulation of emails we cannot take responsibility over the the contents.
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
> Subject: RE: customize HTTP Status 401 error page
> Date: Thu, 23 Apr 2009 15:19:39 -0500
> From: jill.han@alverno.edu
> To: users@tomcat.apache.org
>
> Here is web.xml
> <web-app>
> <display-name>Faculty Resources</display-name>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>FACRES</web-resource-name>
> <url-pattern>*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>CN=FacultyStaff,OU=Groups,OU=EMP,DC=AC</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>TESTING</realm-name>
> </login-config>
> <error-page>
> <error-code>401</error-code>
> <location>/error.html</location>
> </error-page>
>
> <security-role>
> <role-name>CN=FacultyStaff,OU=Groups,OU=EMP,DC=AC</role-name>
> </security-role>
>
> <session-config>
> <session-timeout>2</session-timeout>
> </session-config>
> </web-app>
>
> Yes, if it is run on Window, no credential window was prompted, but instead, the error.html
> However, if it is run on Linux, credential window was prompted, but, if unsuccessful, or clicking "Cancel", 401 error message still show up. <error-page> was ignored.
>
> Jill
> -----Original Message-----
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Sent: Thursday, April 23, 2009 2:55 PM
> To: Tomcat Users List
> Subject: Re: customize HTTP Status 401 error page
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jill,
>
> On 4/23/2009 1:20 PM, Jill Han wrote:
> > I still need helps.
> > Here is the web.xml
> > ...
> > <login-config>
> > <auth-method>BASIC</auth-method>
> > <realm-name>TESTING</realm-name>
> > </login-config>
> >
> > <error-page>
> > <error-code>401</error-code>
> > <location>/error.html</location>
> > </error-page>
> > ...
> > The error.html is replaced the 401 error message, however there will be no authentication window prompted, error.html is somehow loaded all the time.
>
> What do your <security-constraint> elements look like?
>
> Are you saying you are getting a 401 response but never being asked for
> your credentials?
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAknwx6UACgkQ9CaO5/Lv0PBfLACfU2OGHvHDUX0qeCeaIVoRoJz9
> rO4AoK5hbI7c96Dz31J0ZCaOhLzgPcaS
> =xKJK
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
_________________________________________________________________
Rediscover Hotmail®: Now available on your iPhone or BlackBerry
http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Mobile2_042009
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: customize HTTP Status 401 error page
Posted by Martin Gainty <mg...@hotmail.com>.
the url-pattern is usually the contextPath such as
http://host:port + ContextPath is compared to the <url-pattern>
http://edocs.bea.com/wls/docs61/webapp/web_xml.html
what is the webapplication name?
what happens when you supply the webapplication name to <url-pattern>
and restart TC?
Martin
______________________________________________
Disclaimer and Confidentiality/Verzicht und Vertraulichkeitanmerkung / Note de déni et de confidentialité
This message is confidential. If you should not be the intended receiver, then we ask politely to report. Each unauthorized forwarding or manufacturing of a copy is inadmissible. This message serves only for the exchange of information and has no legal binding effect. Due to the easy manipulation of emails we cannot take responsibility over the the contents.
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
> Subject: RE: customize HTTP Status 401 error page
> Date: Thu, 23 Apr 2009 15:19:39 -0500
> From: jill.han@alverno.edu
> To: users@tomcat.apache.org
>
> Here is web.xml
> <web-app>
> <display-name>Faculty Resources</display-name>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>FACRES</web-resource-name>
> <url-pattern>*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>CN=FacultyStaff,OU=Groups,OU=EMP,DC=AC</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>TESTING</realm-name>
> </login-config>
> <error-page>
> <error-code>401</error-code>
> <location>/error.html</location>
> </error-page>
>
> <security-role>
> <role-name>CN=FacultyStaff,OU=Groups,OU=EMP,DC=AC</role-name>
> </security-role>
>
> <session-config>
> <session-timeout>2</session-timeout>
> </session-config>
> </web-app>
>
> Yes, if it is run on Window, no credential window was prompted, but instead, the error.html
> However, if it is run on Linux, credential window was prompted, but, if unsuccessful, or clicking "Cancel", 401 error message still show up. <error-page> was ignored.
>
> Jill
> -----Original Message-----
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Sent: Thursday, April 23, 2009 2:55 PM
> To: Tomcat Users List
> Subject: Re: customize HTTP Status 401 error page
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jill,
>
> On 4/23/2009 1:20 PM, Jill Han wrote:
> > I still need helps.
> > Here is the web.xml
> > ...
> > <login-config>
> > <auth-method>BASIC</auth-method>
> > <realm-name>TESTING</realm-name>
> > </login-config>
> >
> > <error-page>
> > <error-code>401</error-code>
> > <location>/error.html</location>
> > </error-page>
> > ...
> > The error.html is replaced the 401 error message, however there will be no authentication window prompted, error.html is somehow loaded all the time.
>
> What do your <security-constraint> elements look like?
>
> Are you saying you are getting a 401 response but never being asked for
> your credentials?
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAknwx6UACgkQ9CaO5/Lv0PBfLACfU2OGHvHDUX0qeCeaIVoRoJz9
> rO4AoK5hbI7c96Dz31J0ZCaOhLzgPcaS
> =xKJK
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
_________________________________________________________________
Rediscover Hotmail®: Now available on your iPhone or BlackBerry
http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Mobile2_042009
RE: customize HTTP Status 401 error page
Posted by Jill Han <ji...@alverno.edu>.
Here is web.xml
<web-app>
<display-name>Faculty Resources</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>FACRES</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>CN=FacultyStaff,OU=Groups,OU=EMP,DC=AC</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>TESTING</realm-name>
</login-config>
<error-page>
<error-code>401</error-code>
<location>/error.html</location>
</error-page>
<security-role>
<role-name>CN=FacultyStaff,OU=Groups,OU=EMP,DC=AC</role-name>
</security-role>
<session-config>
<session-timeout>2</session-timeout>
</session-config>
</web-app>
Yes, if it is run on Window, no credential window was prompted, but instead, the error.html
However, if it is run on Linux, credential window was prompted, but, if unsuccessful, or clicking "Cancel", 401 error message still show up. <error-page> was ignored.
Jill
-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Thursday, April 23, 2009 2:55 PM
To: Tomcat Users List
Subject: Re: customize HTTP Status 401 error page
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jill,
On 4/23/2009 1:20 PM, Jill Han wrote:
> I still need helps.
> Here is the web.xml
> ...
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>TESTING</realm-name>
> </login-config>
>
> <error-page>
> <error-code>401</error-code>
> <location>/error.html</location>
> </error-page>
> ...
> The error.html is replaced the 401 error message, however there will be no authentication window prompted, error.html is somehow loaded all the time.
What do your <security-constraint> elements look like?
Are you saying you are getting a 401 response but never being asked for
your credentials?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAknwx6UACgkQ9CaO5/Lv0PBfLACfU2OGHvHDUX0qeCeaIVoRoJz9
rO4AoK5hbI7c96Dz31J0ZCaOhLzgPcaS
=xKJK
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: customize HTTP Status 401 error page
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jill,
On 4/23/2009 1:20 PM, Jill Han wrote:
> I still need helps.
> Here is the web.xml
> ...
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>TESTING</realm-name>
> </login-config>
>
> <error-page>
> <error-code>401</error-code>
> <location>/error.html</location>
> </error-page>
> ...
> The error.html is replaced the 401 error message, however there will be no authentication window prompted, error.html is somehow loaded all the time.
What do your <security-constraint> elements look like?
Are you saying you are getting a 401 response but never being asked for
your credentials?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAknwx6UACgkQ9CaO5/Lv0PBfLACfU2OGHvHDUX0qeCeaIVoRoJz9
rO4AoK5hbI7c96Dz31J0ZCaOhLzgPcaS
=xKJK
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: customize HTTP Status 401 error page
Posted by Jill Han <ji...@alverno.edu>.
I still need helps.
Here is the web.xml
...
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>TESTING</realm-name>
</login-config>
<error-page>
<error-code>401</error-code>
<location>/error.html</location>
</error-page>
...
The error.html is replaced the 401 error message, however there will be no authentication window prompted, error.html is somehow loaded all the time.
Thanks,
Jill
-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Thursday, April 23, 2009 10:18 AM
To: Tomcat Users List
Subject: Re: customize HTTP Status 401 error page
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jill,
You've hijacked your own thread. :(
On 4/23/2009 11:09 AM, Jill Han wrote:
> If using Basic authentication, the unsuccessful login, or just click
> "Cancel" button will trigger the 401 page.
<
> My question is
> 1. is there a way to customize "cancel" action? So there will be no error message prompted.
No.
> 2. Is there a way to customize tomcat HTTP Status 401 error message
> to a more user meaningful one?
Yes. See the section of web.xml that has <error-page> entries.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAknwhqwACgkQ9CaO5/Lv0PDMlwCfaUP6+zxHQPeY2aTAfnNg2vPs
CGsAn1VpRpeMpCps63lgXkS8nGS1FA61
=6j3U
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: customize HTTP Status 401 error page
Posted by Jill Han <ji...@alverno.edu>.
Would you give some instructions on doing that?
I tried to put <error-page>/error.html</error-page> in application own web.xml
And tomcat conf/web.xml, they won't work. The HTTP Status 401 error page is still used.
Thanks,
Jill
-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Thursday, April 23, 2009 10:18 AM
To: Tomcat Users List
Subject: Re: customize HTTP Status 401 error page
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jill,
You've hijacked your own thread. :(
On 4/23/2009 11:09 AM, Jill Han wrote:
> If using Basic authentication, the unsuccessful login, or just click
> "Cancel" button will trigger the 401 page.
<
> My question is
> 1. is there a way to customize "cancel" action? So there will be no error message prompted.
No.
> 2. Is there a way to customize tomcat HTTP Status 401 error message
> to a more user meaningful one?
Yes. See the section of web.xml that has <error-page> entries.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAknwhqwACgkQ9CaO5/Lv0PDMlwCfaUP6+zxHQPeY2aTAfnNg2vPs
CGsAn1VpRpeMpCps63lgXkS8nGS1FA61
=6j3U
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: customize HTTP Status 401 error page
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jill,
You've hijacked your own thread. :(
On 4/23/2009 11:09 AM, Jill Han wrote:
> If using Basic authentication, the unsuccessful login, or just click
> "Cancel" button will trigger the 401 page.
<
> My question is
> 1. is there a way to customize "cancel" action? So there will be no error message prompted.
No.
> 2. Is there a way to customize tomcat HTTP Status 401 error message
> to a more user meaningful one?
Yes. See the section of web.xml that has <error-page> entries.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAknwhqwACgkQ9CaO5/Lv0PDMlwCfaUP6+zxHQPeY2aTAfnNg2vPs
CGsAn1VpRpeMpCps63lgXkS8nGS1FA61
=6j3U
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org