I've setup a security constraint, with basic authentication, in a memory
realm. It works as expected until I add an error page for the 401 error
code (unauthorized). Then, when I request the page, I get the 401 error
page automatically and am never prompted to login. I was expecting to get
the 401 error page only if I supplied an incorrect login.
What am I doing wrong? (Win2000pro,
Tomcat 4.0.3, jdk 1.4) Here is a
portion of my web.xml:
<error-page>
<error-code>401</error-code>
<location>/notauthorized.jsp</location>
</error-page>
<security-constraint>
<web-resource-collection>
<web-resource-name>BrawnerLau Website</web-resource-name>
<url-pattern>/adminentry.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>brawnerlau</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>BrawnerLau Website</realm-name>
</login-config>
Thanks,