Have I not fully configured something, or is this a fault of Tomcat (or is
it not possible to serve custom error pages with the original error code
for some reason)?
Any guidance appreciated.
--
darren@ public key
davison|uk.net www.davison.uk.net/key.jsp
"I declare myself 'King Dogbert', the first ruler of the internet"
As far as I can tell, this is just an oddity of Tomcat. It causes even
more problems when the custom page you're trying to set is a 401 page...
the user never sees the authentication dialog, because Tomcat sends the
"access denied" page with a 200 response code. We had to take away our
custom "access denied" page and use the default auto-generated Tomcat
page to avoid the problem. Quite annoying.
Chris Smith
Has anyone figured this one out yet? I had to do the same thing for a
401 error - it sure is cheesy to use Tomcat's default 401 page...
Thanks,
Jeff
We actually figured out a "hack" to fix the problem with "401
Unauthorized" codes using Basic authentication. In the web.xml file, add
the error-page tag the usual way:
<error-page>
    <error-code>401</error-code>
    <location>/notauthorized.jsp</location>
</error-page>
and in the notauthorized.jsp page add this at the beginning:
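<%
    // Restore the 401 status and send a Basic challenge so the browser prompts for credentials.
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    response.setHeader("WWW-Authenticate", "BASIC realm=\"Your Realm\"");
%>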
This will force the browser to display a login window and let users type
in their credentials. These two HTTP headers are what Tomcat and other
servers use to challenge browsers to present credentials. Again this
only applies to Basic authentication since Form-based authentication
uses custom login and error pages.
--
Ivan Morales
Ned Davis Research
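An added check for the symptom discussed in this thread (not code from any poster or from Tomcat): it audits the head of a saved response, such as `curl -i` output for an unauthenticated request, for a lost status code and a missing Basic challenge. The function names and the two sample responses are constructed for illustration.

```python
# Added example, not from the thread: audit a raw HTTP response head for the
# two symptoms described above (wrong status code, missing Basic challenge).
import re

def parse_head(raw):
    """Split a raw response into (status_code, {lower-cased header: value})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", head[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % head[0])
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers

def audit_error_response(raw, expected_status):
    """Return a list of problems; an empty list means the response is correct."""
    status, headers = parse_head(raw)
    problems = []
    if status != expected_status:
        problems.append("status %d sent, %d expected" % (status, expected_status))
    if expected_status == 401:
        # Without this header the browser never shows the login dialog.
        challenge = headers.get("www-authenticate", "")
        scheme, _, params = challenge.partition(" ")
        if scheme.lower() != "basic":
            problems.append("no WWW-Authenticate: Basic challenge")
        elif not re.search(r'realm="[^"]*"', params, re.I):
            problems.append("Basic challenge lacks a quoted realm")
    return problems

# Constructed samples: custom page served as 200, and the page after the fix.
BROKEN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>Access denied</html>"
FIXED = ('HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: BASIC realm="Your Realm"\r\n'
         "Content-Type: text/html\r\n\r\n<html>Access denied</html>")

if __name__ == "__main__":
    for label, raw in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_error_response(raw, 401) or "OK")
```

Passing a different expected_status (for example 404) covers the original question of whether a custom error page keeps its error code.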
Great! Thanks for sharing. That should help considerably, and probably
ought to not cause problems even if this gets fixed.
Chris Smith