You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Joe Tomcat <to...@mobile.mp> on 2002/08/09 14:02:10 UTC

Custom error pages and BASIC authorization

Hello fellow Tomcat users.  I am trying to set up a very simple web app
that has only static html pages.  I want it to use BASIC authorization
for just a few users.  Simple stuff, right?  I added the user and role
that I wanted in the tomcat-users.xml file, and then I put this in the
web.xml file for the application (which happens to be the ROOT
application):

<web-app>

<error-page>
  <error-code>404</error-code>
  <location>/errors/404.html</location>
</error-page>

<error-page>
  <error-code>401</error-code>
  <location>/errors/401.html</location>
</error-page>

<security-constraint>
  <web-resource-collection>
   <web-resource-name>PrivateStuff</web-resource-name>
   <url-pattern>/private/*</url-pattern>
  </web-resource-collection>

  <auth-constraint>
   <role-name>PrivateUsers</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Private</realm-name>
</login-config>

</web-app>

I have a /index.html file which has a link to /PrivateStuff.  The user
clicks the link and should be prompted for a username and password,
right?  Wrong!  It goes immediately to the not authorized page in
/errors/401.html.  If I take the two error-page sections out of web.xml,
then everything works correctly, but I get the Tomcat default error
pages for file not found and auth error.  Showing default server error
pages looks quite unprofessional, so I want to not do this.  Any
sugestions?

Thanks!

Btw, is there any company which sells commercial support for Tomcat?



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>