Re: Solved! Re: Basic authentication and custom 401 Not Authorized error page

[Ben Walding <be...@walding.com>]

It can be made to work...

Put the error-page directive in as per web.xml spec

On the jsp / servlet it points at,

        response.addHeader("WWW-Authenticate", "BASIC realm=\"" + realm
+ "\"");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

	and then write custom page

And it will challenge (well it did for me...)

No need for filters or any of that jazz.


Joe Tomcat wrote:

>Here is how you can create a custom 401 (Not Authorized) error response
>in Tomcat.  Putting a directive like this:
>
><error-page>
>  <error-code>401</error-code>
>  <location>/errors/401.html</location>
></error-page>
>
>in web.xml will not work.  If you put that in web.xml, it will deny all
>authorization.
>
>The thing to do is to create a filter for the resources you want to
>protect.  Do the conventional basic authentication in the filter. 
>However, here is the part which is different:
>
>	String errorFile = "/errors/401.html";
>        response.addHeader("WWW-Authenticate", "BASIC realm=\"" + realm
>+ "\"");
>        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>        RequestDispatcher rd = request.getRequestDispatcher(errorFile);
>        try { rd.forward(request,response); }
>
>So instead of letting the container generate the html for the 401
>response, you always generate it using the RequestDispatcher.  The
>RequestDispatcher can of course be an html or jsp file.
>
>So that is the solution to custom 401 errors in Tomcat.
>
>
>--
>To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
>For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
>  
>




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>