You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Ben Walding <be...@walding.com> on 2002/09/06 09:56:25 UTC
Re: Solved! Re: Basic authentication and custom 401 Not Authorized
error page
It can be made to work...
Put the error-page directive in as per web.xml spec
On the jsp / servlet it points at,
response.addHeader("WWW-Authenticate", "BASIC realm=\"" + realm
+ "\"");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
and then write custom page
And it will challenge (well it did for me...)
No need for filters or any of that jazz.
Joe Tomcat wrote:
>Here is how you can create a custom 401 (Not Authorized) error response
>in Tomcat. Putting a directive like this:
>
><error-page>
> <error-code>401</error-code>
> <location>/errors/401.html</location>
></error-page>
>
>in web.xml will not work. If you put that in web.xml, it will deny all
>authorization.
>
>The thing to do is to create a filter for the resources you want to
>protect. Do the conventional basic authentication in the filter.
>However, here is the part which is different:
>
> String errorFile = "/errors/401.html";
> response.addHeader("WWW-Authenticate", "BASIC realm=\"" + realm
>+ "\"");
> response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> RequestDispatcher rd = request.getRequestDispatcher(errorFile);
> try { rd.forward(request,response); }
>
>So instead of letting the container generate the html for the 401
>response, you always generate it using the RequestDispatcher. The
>RequestDispatcher can of course be an html or jsp file.
>
>So that is the solution to custom 401 errors in Tomcat.
>
>
>--
>To unsubscribe, e-mail: <ma...@jakarta.apache.org>
>For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>