You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Francis Galiegue <fg...@gmail.com> on 2005/12/19 12:07:34 UTC

Tomcat 5.0 : 401 errors do NOT send back a www-authenticate field :(

Hello,

As the subject says, we have a problem with Tomcat 5.0 (5.0.27 through
5.0.30 to be precise) where a servlet invoked from tomcat5 does NOT
send a www-authenticate header back, resulting in a definitive 401
error. This violates RFC 2616 (paragraph 14.47).

As we suspected Apache first, I shut it down, activated the Coyote
HTTP/1.1 connector of Tomcat, pointed the web browser to the 8080 port
of the machine... But the result is the same. It occurs regardless of
the presence of a proxy inbetween or not FWIW.

The biggest problem is that I don't have the slightest idea at where
to start... Only thing is I can show these exerpts from the
WEB-INF/web.xml of our webapp:

------
  <servlet>
        <servlet-name>content</servlet-name>
        <servlet-class>com.one2team.one2web.repository.ShowDocumentContent</servlet-class>
  </servlet>
[...]
  <servlet-mapping>
        <servlet-name>content</servlet-name>
        <url-pattern>/servlet/ShowDocumentContent</url-pattern>
  </servlet-mapping>
------

And that's it, really...

You can visualize the problem by trying both of these URLs on
http://web-sniffer.net:

https://asp.one2team/servlet/ShowDocumentContent -- this one works

https://edf.one2team/servlet/ShowDocumentContent -- this one doesn't

The working configuration runs tomcat3 and Apache 1.3.27. The non
working configuration runs tomcat5 and Apache 2.0.x, x being 47 or 52,
both from RedHat (I had to recompile the .52 RPM for it to work on our
RH3 based systems).

Any ideas? I've long run short of them myself :(

Merry Christmas BTW, and thanks in advance for your help,
--
Francis Galiegue, fgaliegue@gmail.com, fg@one2team.com, fg6@wanadoo.fr
One2team - 12bis rue de la Pierre Levée, 75011 Paris - 0143381980
"When it comes to performance, weight is everything" - Tiff Needell

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

[Repost...] Tomcat 5.0 : 401 errors do NOT send back a www-authenticate field :(

Posted by Francis Galiegue <fg...@gmail.com>.

[I don't know why, looks like the original message didn't make it to
the list... Sorry if it's a double send]

Hello,

As the subject says, we have a problem with Tomcat 5.0 (5.0.27 through
5.0.30 to be precise) where a servlet invoked from tomcat5 does NOT
send a www-authenticate header back, resulting in a definitive 401
error. This violates RFC 2616 (paragraph 14.47).

As we suspected Apache first, I shut it down, activated the Coyote
HTTP/1.1 connector of Tomcat, pointed the web browser to the 8080 port
of the machine... But the result is the same. It occurs regardless of
the presence of a proxy inbetween or not FWIW.

The biggest problem is that I don't have the slightest idea at where
to start... Only thing is I can show these exerpts from the
WEB-INF/web.xml of our webapp:

------
  <servlet>
        <servlet-name>content</servlet-name>
        <servlet-class>com.one2team.one2web.repository.ShowDocumentContent</servlet-class>
  </servlet>
[...]
  <servlet-mapping>
        <servlet-name>content</servlet-name>
        <url-pattern>/servlet/ShowDocumentContent</url-pattern>
  </servlet-mapping>
------

And that's it, really...

Any ideas? I've long run short of them myself :(

Merry Christmas BTW, and thanks in advance for your help,
--
Francis Galiegue, fgaliegue@gmail.com, fg@one2team.com, fg6@wanadoo.fr
One2team - 12bis rue de la Pierre Levée, 75011 Paris - 0143381980
"When it comes to performance, weight is everything" - Tiff Needell


--
Francis Galiegue, fgaliegue@gmail.com, fg@one2team.com, fg6@wanadoo.fr
One2team - 12bis rue de la Pierre Levée, 75011 Paris - 0143381980
"When it comes to performance, weight is everything" - Tiff Needell

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcat 5.0 : 401 errors do NOT send back a www-authenticate field :(

Posted by Francis Galiegue <fg...@gmail.com>.

2005/12/19, Francis Galiegue <fg...@gmail.com>:
> Hello,
>
> As the subject says, we have a problem with Tomcat 5.0 (5.0.27 through
> 5.0.30 to be precise) where a servlet invoked from tomcat5 does NOT
> send a www-authenticate header back, resulting in a definitive 401
> error. This violates RFC 2616 (paragraph 14.47).
>

Well, nevermind, the error came from the application... It sent the
error before setting the header.

Sorry for the inconvenience...

Have fun,
--
Francis Galiegue, fgaliegue@gmail.com, fg@one2team.com, fg6@wanadoo.fr
One2team - 12bis rue de la Pierre Levée, 75011 Paris - 0143381980
"When it comes to performance, weight is everything" - Tiff Needell

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org