You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Joe Tomcat <to...@mobile.mp> on 2002/08/09 14:02:10 UTC
Custom error pages and BASIC authorization
Hello fellow Tomcat users. I am trying to set up a very simple web app
that has only static html pages. I want it to use BASIC authorization
for just a few users. Simple stuff, right? I added the user and role
that I wanted in the tomcat-users.xml file, and then I put this in the
web.xml file for the application (which happens to be the ROOT
application):
<web-app>
<error-page>
<error-code>404</error-code>
<location>/errors/404.html</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>/errors/401.html</location>
</error-page>
<security-constraint>
<web-resource-collection>
<web-resource-name>PrivateStuff</web-resource-name>
<url-pattern>/private/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>PrivateUsers</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Private</realm-name>
</login-config>
</web-app>
I have a /index.html file which has a link to /PrivateStuff. The user
clicks the link and should be prompted for a username and password,
right? Wrong! It goes immediately to the not authorized page in
/errors/401.html. If I take the two error-page sections out of web.xml,
then everything works correctly, but I get the Tomcat default error
pages for file not found and auth error. Showing default server error
pages looks quite unprofessional, so I want to not do this. Any
sugestions?
Thanks!
Btw, is there any company which sells commercial support for Tomcat?
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>