Hello and good morning,
I'm using Tomcat 5.5.9 in combination with Apache 2.0.54, using mod_jk.
I have developed a web application that uses its own authentication protocol
to protect certain functionalities. The application itself is not
protected by
a realm. Instead, any request to the servlet is handled by my own
authentication
class which will create the necessary http response when the request is
directed
to a protected functionality and the user should authenticate.
So far I use basic authentication and it works fine. However, some of my
users forget their passwords and hit the cancel button after some failures.
After that, they see one of Tomcat's own error pages (that with the dark
blue
headline saying HTTP Status 401 - unauthorized, the lines about "type,
"message" and "description").
I would like to change that page to provide my own support text about
getting a Login and what to do when someone forgets his password, so
I tried the <error-page>-Tag in the web.xml-file. I prepared an html-file
to be shown for response code 401.
However, this setting disabled authentication altogether! Reason: as soon
as my application decided for an request that the response should be
authenticated
and sent necessary response, the client didn't get the Basic
Authentication Form
any longer, but my prepared error page at once! The user got no chance
to authenticate.
I fiddled around with the error-page-Tag but could change that behavior.
So I humbly ask the community to give me some hint what to do. How can I
change
the error-page that is shown when the user hits the cancel-button in
basic authentication?
Do I have to send some additional information (some header?) with the
error-response
that initiates the authentication form?
Thank you in advance,
Oliver Schoenwald
University of Hagen
Germany
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]