This week's book giveaway is in the Clojure forum.
We're giving away four copies of Clojure in Action and have Amit Rathore and Francis Avila on-line!
See this thread for details.
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

security-constraint and error-page

 
Jason Brawner
Ranch Hand
Posts: 66
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've setup a security constraint, with basic authentication, in a memory
realm. It works as expected until I add an error page for the 401 error
code (unauthorized). Then, when I request the page, I get the 401 error
page automatically and am never prompted to login. I was expecting to get
the 401 error page only if I supplied an incorrect login.
What am I doing wrong? (Win2000pro, Tomcat 4.0.3, jdk 1.4) Here is a
portion of my web.xml:
<error-page>
<error-code>401</error-code>
<location>/notauthorized.jsp</location>
</error-page>
<security-constraint>
<web-resource-collection>
<web-resource-name>BrawnerLau Website</web-resource-name>
<url-pattern>/adminentry.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>brawnerlau</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>BrawnerLau Website</realm-name>
</login-config>
Thanks,
 
Mike Curwen
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From the tomcat-user mailing list, I found an old (01/22/2002) email in which Craig McClanahan says: Perhaps they haven't finished working out the bugs by 4.0.3

I wasn't able to find anything on nagoya.apache.org/bugzilla either.
 
Jason Brawner
Ranch Hand
Posts: 66
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Damn.... I seem to find all the bugs.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic