You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Hans Bergsten <ha...@gefionsoftware.com> on 2000/04/13 04:17:27 UTC

Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/servlets AuthServlet.java DefaultErrorPage.java

craigmcc@locus.apache.org wrote:
> 
> craigmcc    00/04/12 18:45:56
> 
>   Modified:    src/share/org/apache/tomcat/core ContextManager.java
>                         HttpServletResponseFacade.java
>                src/share/org/apache/tomcat/servlets AuthServlet.java
>                         DefaultErrorPage.java
>   Log:
>   Fix a bug where BASIC authentication fails to trigger the pop-up
>   dialog box for username and password on IE.  This bug was introduced
>   by my previous fix to HttpServletResponseFacade.java to make it reset
>   the response inside sendError() and sendRedirect().  Unfortunately,
>   due to the way Tomcat is currently structured, this caused the
>   "WWW-Authenticate" message containing the challenge to be erased.
> 
>   Netscape Navigator saw the 401 (Unauthorized) error, and popped up a
>   dialog box anyway, with an "unknown" realm.  However, IE didn't see
>   a "WWW-Authenticate" so it didn't do anything.
> 
>   The workaround in this patch is to NOT reset the response if sendError
>   is called with a status code of 401.  I've been staring at this code for
>   three hours, and cannot see any other way short of a major restructuring
>   to get around this problem differently.

Should this fix be part of 3.1? I assume that the main branch is for the
next release now and 3.1 bug fixes must be committed to the tagged branch?

Hans
-- 
Hans Bergsten		hans@gefionsoftware.com
Gefion Software		http://www.gefionsoftware.com