https://bz.apache.org/bugzilla/show_bug.cgi?id=63336
--- Comment #2 from jchobanto...@yahoo.com --- Ok, forget about modifying the basic ream to report the error - the application could have 401 error page and put that information itself - again the request is to add http request attribute so that error page of the application could expose that to the end user if they choose to - I’m not asking tomcat to report the security issue as I’m well aware of the security concerns there but there is a real business use case that all applications could benefit - I’m asking for the support - it is still up to the application whether to expose this to the end user or not as it is only set in request attribute that is not going to be transmitted to the client unless the application do something about it -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org