You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by JB...@silenus.com on 2002/03/13 04:33:47 UTC

security-constraint and error-page

I've setup a security constraint, with basic authentication, in a memory
realm.  It works as expected until I add an error page for the 401 error
code (unauthorized). Then, when I request the page, I get the 401 error
page automatically and am never prompted to login.  I was expecting to get
the 401 error page only if I supplied an incorrect login.

What am I doing wrong?  (Win2000pro, Tomcat 4.0.3, jdk 1.4)   Here is a
portion of my web.xml:

  <error-page>
    <error-code>401</error-code>
    <location>/notauthorized.jsp</location>
  </error-page>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>BrawnerLau Website</web-resource-name>
      <url-pattern>/adminentry.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>brawnerlau</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>BrawnerLau Website</realm-name>
  </login-config>


Thanks,

Jason E. Brawner
Silenus Group
(248) 735-8077


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>