You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Hans Bergsten <ha...@gefionsoftware.com> on 2000/04/13 04:17:27 UTC
Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/servlets
AuthServlet.java DefaultErrorPage.java
craigmcc@locus.apache.org wrote:
>
> craigmcc 00/04/12 18:45:56
>
> Modified: src/share/org/apache/tomcat/core ContextManager.java
> HttpServletResponseFacade.java
> src/share/org/apache/tomcat/servlets AuthServlet.java
> DefaultErrorPage.java
> Log:
> Fix a bug where BASIC authentication fails to trigger the pop-up
> dialog box for username and password on IE. This bug was introduced
> by my previous fix to HttpServletResponseFacade.java to make it reset
> the response inside sendError() and sendRedirect(). Unfortunately,
> due to the way Tomcat is currently structured, this caused the
> "WWW-Authenticate" message containing the challenge to be erased.
>
> Netscape Navigator saw the 401 (Unauthorized) error, and popped up a
> dialog box anyway, with an "unknown" realm. However, IE didn't see
> a "WWW-Authenticate" so it didn't do anything.
>
> The workaround in this patch is to NOT reset the response if sendError
> is called with a status code of 401. I've been staring at this code for
> three hours, and cannot see any other way short of a major restructuring
> to get around this problem differently.
Should this fix be part of 3.1? I assume that the main branch is for the
next release now and 3.1 bug fixes must be committed to the tagged branch?
Hans
--
Hans Bergsten hans@gefionsoftware.com
Gefion Software http://www.gefionsoftware.com