This week's book giveaway is in the Jobs Discussion forum.
We're giving away four copies of Soft Skills and have John Sonmez on-line!
See this thread for details.
The moose likes Tomcat and the fly likes security-constraint and error-page Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "security-constraint and error-page" Watch "security-constraint and error-page" New topic
Author

security-constraint and error-page

Jason Brawner
Ranch Hand

Joined: Dec 19, 2001
Posts: 66
I've setup a security constraint, with basic authentication, in a memory
realm. It works as expected until I add an error page for the 401 error
code (unauthorized). Then, when I request the page, I get the 401 error
page automatically and am never prompted to login. I was expecting to get
the 401 error page only if I supplied an incorrect login.
What am I doing wrong? (Win2000pro, Tomcat 4.0.3, jdk 1.4) Here is a
portion of my web.xml:
<error-page>
<error-code>401</error-code>
<location>/notauthorized.jsp</location>
</error-page>
<security-constraint>
<web-resource-collection>
<web-resource-name>BrawnerLau Website</web-resource-name>
<url-pattern>/adminentry.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>brawnerlau</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>BrawnerLau Website</realm-name>
</login-config>
Thanks,


Jason E. Brawner<br />Sun Certified Java Programmer<br />Sun Certified Web Component Developer
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

From the tomcat-user mailing list, I found an old (01/22/2002) email in which Craig McClanahan says: Perhaps they haven't finished working out the bugs by 4.0.3

I wasn't able to find anything on nagoya.apache.org/bugzilla either.
Jason Brawner
Ranch Hand

Joined: Dec 19, 2001
Posts: 66
Damn.... I seem to find all the bugs.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: security-constraint and error-page