You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by BugRat Mail System <to...@cortexity.com> on 2000/10/06 15:50:29 UTC

BugRat Report #221 has been filed.

Bug report #221 has just been filed.

You can view the report at the following URL:

   <http://znutar.cortexity.com:8888/BugRatViewer/ShowReport/221>

REPORT #221 Details.

Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: medium
Severity: serious
Confidence: public
Environment: 
   Release: Tomcat 3.1
   JVM Release: Sun JRE 1.2.2-006
   Operating System: MS WinNT
   OS Release: 4.0SP5(rus)
   Platform: x86

Synopsis: 
BASIC authentication doesn't work.

Description:
When I specify security constraints for servlet,
browser asks me for username/password, but:

1) If I enter wrong username/password it asks me 2 times more,
than shows BLANK page, not error (SC_UNAUTHORIZED).
2) If I enter correct username/password it shows me 404 error page.
In this case servlet is not even initialized.

Note, when I remove security constraint, servlet that was protected
works correctly. I've looked thru Tomcat sources and found out that
something wrong happens after call
'sendError(HttpServletResponse.SC_MOVED_TEMPORARILY,...)'
in 'HttpServletResponseFacade.java', method 'sendRedirect(String location)'