| Author |
security-constraint and error-page
|
Jason Brawner
Ranch Hand
Joined: Dec 19, 2001
Posts: 66
|
|
I've setup a security constraint, with basic authentication, in a memory
realm. It works as expected until I add an error page for the 401 error
code (unauthorized). Then, when I request the page, I get the 401 error
page automatically and am never prompted to login. I was expecting to get
the 401 error page only if I supplied an incorrect login.
What am I doing wrong? (Win2000pro, Tomcat 4.0.3, jdk 1.4) Here is a
portion of my web.xml:
<error-page>
<error-code>401</error-code>
<location>/notauthorized.jsp</location>
</error-page>
<security-constraint>
<web-resource-collection>
<web-resource-name>BrawnerLau Website</web-resource-name>
<url-pattern>/adminentry.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>brawnerlau</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>BrawnerLau Website</realm-name>
</login-config>
Thanks,
|
Jason E. Brawner<br />Sun Certified Java Programmer<br />Sun Certified Web Component Developer
|
 |
Mike Curwen
Ranch Hand
Joined: Feb 20, 2001
Posts: 3695
|
|
From the tomcat-user mailing list, I found an old (01/22/2002) email in which Craig McClanahan says: Perhaps they haven't finished working out the bugs by 4.0.3
I wasn't able to find anything on nagoya.apache.org/bugzilla either.
|
|
Jason Brawner
Ranch Hand
Joined: Dec 19, 2001
Posts: 66
|
|
|
Damn.... I seem to find all the bugs.
|
|
 |
|
|
subject: security-constraint and error-page
|
|
|
0
