Replying to my own post - this problem went away when i updated to the latest TC cvs sources and rebuilt. cheers, Jason Jason Harrop wrote: > Hi > > I'm using TC4 built from CVS on 17 Feb, and I'm scratching my head about > a strange problem when i try and access 2 webapps which have the same > realm name in their web.xml file, as in: > > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>myRealm</realm-name> > > If I visit these webapps using a HTTP 1.0 client (eg NS 4.7, or IE 5 or > 5.5 with "Use HTTP 1.1" deselected), i get the expected sequence of a > 401 error, at which point the browser presents the authentication > dialog; then on subsequent protected pages, the browser responds to the > 401 error with authentication information without involving the users. > > If I visit these webapps using either IE 5 or 5.5 in their default HTTP > 1.1 enabled mode, then what happens is this: > > For IE 5.5, when i visit the first page, i am asked to authenticate. > Then, when i visit the second page (on my setup, this is in a second > webapp, but with the same realm-name), i am presented with a blank > screen. The tomcat logs show the 401 response, but they DO NOT show a > subsequent request in which the authentication information is provided > by the browser. > > HOWEVER, according to my packet sniffer, that request _is_ being sent, > however Tomcat never responds to it: > > G E T / T e s t D r i v e / p r o t e c t e d / s h o w > H o m e D i r e c t o r y H T T P / 1 . 1 > > H T T P / 1 . 1 4 0 1 U n a u t h o r i z e d > W W W - A u t h e n t i c a t e : B a s i c r e a l m > = " m y R e a l m " > > G E T / T e s t D r i v e / p r o t e c t e d / s h o w > H o m e D i r e c t o r y H T T P / 1 . 1 > A u t h o r i z a t i o n : B a s i c Z n J l Z D p u > Z X J r > > [Tomcat sends the page] > > G E T / S m a r t P r e c e d e n t S e r v e > r / a s k I n t e r v i e w P r > e f e r e n c e s ? I D = % 2 F > f i l e s % 2 F d e m o n s t r > a t i o n % 2 F T e s t 2 S A f > o r R e p o s i t o r y . x m l > & r e p o s i t o r y n a m e = > T e s t D r i v e H T T P / 1 > . 1 > > H T T P / 1 . 1 4 0 1 U n a u t h o r i z e d > W W W - A u t h e n t i c a t e : B a s i c r e a l m = > " m y R e a l m " > > G E T / S m a r t P r e c e d e n t S e r v e > r / a s k I n t e r v i e w P r > e f e r e n c e s ? I D = % 2 F > f i l e s % 2 F d e m o n s t r > a t i o n % 2 F T e s t 2 S A f > o r R e p o s i t o r y . x m l > & r e p o s i t o r y n a m e = > T e s t D r i v e H T T P / 1 > . 1 > > A u t h o r i z a t i o n : B a s i c Z n J l Z D p u > Z X J r > > Clicking refresh successfully grabs the page for me, without me having > to type any authentication info again. So i think this might a bug in > Tomcat 4's HTTP 1.1 connector (since things are okay with a 1.0 client)? > > With IE 5, the second time Tomcat sends a 401, IE asks me to > authenticate, even though the WWW-Authenticate header is the same one it > has seen before. This looks to me like a bug in IE 5. > > Any thoughts? BTW, i'm not using the single sign on support valve. > > thanks > > Jason > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, email: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
