You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Joe Tomcat <to...@mobile.mp> on 2002/09/06 02:15:57 UTC
Re: More info Re: Basic authentication and custom 401 Not
Authorized error page
On Thu, 2002-09-05 at 13:55, Eric Hollander wrote:
> I did some more research on this. It looks like it was a Known Bug in
> Tomcat 4.0.2, and it doesn't look like it has been fixed since then (I'm
> using 4.0.4). Tomcat developers, is there any patch or workaround known
> for this?
>
> I did some digging in the Tomcat source, and it looks like the html
> error pages are generated by this valve:
>
> org.apache.catalina.valves.ErrorReportValve
More information:
There's a method in org.apache.catalina.core.StandardHost that does
this:
private String errorReportValveClass =
"org.apache.catalina.valves.ErrorReportValve";
So if there were some way to set the value of errorReportValveClass
through a config file, at least I wouldn't have to recompile catalina to
make it show a custom 401 response. I couldn't find out if this value
is read in from a properties file somewhere, but I sure would love to be
able to not have to recompile catalina to get this to work.
Thanks for any tips.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Solved! Re: Basic authentication and custom 401 Not Authorized
error page
Posted by Ben Walding <be...@walding.com>.
It can be made to work...
Put the error-page directive in as per web.xml spec
On the jsp / servlet it points at,
response.addHeader("WWW-Authenticate", "BASIC realm=\"" + realm
+ "\"");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
and then write custom page
And it will challenge (well it did for me...)
No need for filters or any of that jazz.
Joe Tomcat wrote:
>Here is how you can create a custom 401 (Not Authorized) error response
>in Tomcat. Putting a directive like this:
>
><error-page>
> <error-code>401</error-code>
> <location>/errors/401.html</location>
></error-page>
>
>in web.xml will not work. If you put that in web.xml, it will deny all
>authorization.
>
>The thing to do is to create a filter for the resources you want to
>protect. Do the conventional basic authentication in the filter.
>However, here is the part which is different:
>
> String errorFile = "/errors/401.html";
> response.addHeader("WWW-Authenticate", "BASIC realm=\"" + realm
>+ "\"");
> response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> RequestDispatcher rd = request.getRequestDispatcher(errorFile);
> try { rd.forward(request,response); }
>
>So instead of letting the container generate the html for the 401
>response, you always generate it using the RequestDispatcher. The
>RequestDispatcher can of course be an html or jsp file.
>
>So that is the solution to custom 401 errors in Tomcat.
>
>
>--
>To unsubscribe, e-mail: <ma...@jakarta.apache.org>
>For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Solved! Re: Basic authentication and custom 401 Not Authorized
error page
Posted by Joe Tomcat <to...@mobile.mp>.
Here is how you can create a custom 401 (Not Authorized) error response
in Tomcat. Putting a directive like this:
<error-page>
<error-code>401</error-code>
<location>/errors/401.html</location>
</error-page>
in web.xml will not work. If you put that in web.xml, it will deny all
authorization.
The thing to do is to create a filter for the resources you want to
protect. Do the conventional basic authentication in the filter.
However, here is the part which is different:
String errorFile = "/errors/401.html";
response.addHeader("WWW-Authenticate", "BASIC realm=\"" + realm
+ "\"");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
RequestDispatcher rd = request.getRequestDispatcher(errorFile);
try { rd.forward(request,response); }
So instead of letting the container generate the html for the 401
response, you always generate it using the RequestDispatcher. The
RequestDispatcher can of course be an html or jsp file.
So that is the solution to custom 401 errors in Tomcat.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>