The problem appears to be in org.apache.catalina.core.StandardWrapperValve.status() This is run to respond to status messages but it calls org.apache.catalina.connector.HttpResponseBase.reset(int status, String message) which in turn calls HttpResponse.reset() HttpResponseBase already resets the content or headers appropriately for the API methods called. status() does it again (in what I assume is a "let's be sure it was done" kind of way) but according to the spec that isn't appropriate. The spec doesn't specify that HttpResponse.sendError(int status) must clear the headers only that it must clear the buffer and set any appropriate headers. The spec does specify that HttpResponse.sendError(int status, String message) and HttpResponse.setStatus(int status) should return any headers already set. I believe the following would changes would restore spec compliance (at the risk of breaking what else I don't know) org.apache.catalina.connector.HttpResponseBase.reset(int status, String message) method to call resetBuffer() rather than reset() org.apache.catalina.core.StandardWrapperValve.custom(req, res, errorpage) on line 481 to call hres.resetBuffer() rather than hres.reset() HTH > -----Original Message----- > From: Brett Knights [mailto:[EMAIL PROTECTED]] > Sent: Sunday, September 23, 2001 1:22 PM > To: '[EMAIL PROTECTED]' > Subject: TC4 and Send Error > > > > I have installed TC4 and have it working. > > I am moving an app that worked fine under TC3.3. > > My problem is that when I call: > > > res.setHeader("WWW-Authenticate", BASIC realm=\"" + domain +"\"); > rese.sendError(res.SC_UNAUTHORIZED); > > in my servlet the authenticate header is stripped from the > result. (examples follow) > This occurs whether I make the request through IIS (actually > PWS) or to TC directly via port 8080 > > Integrating a realm based authentication mechanism is not an > option at this time. > > > From TC3 the returned stream is: > > http://supportstage/eda/support/kb/kbsearch.htm > HTTP/1.1 401 Unauthorized > Server: Microsoft-IIS/4.0 > Date: Sun, 23 Sep 2001 20:07:28 GMT > WWW-Authenticate: BASIC realm="EDACustomer" > Content-Type: text/html > Content-Length: 159 > Set-Cookie: JSESSIONID=p89g15em81;Path=/eda > Servlet-Engine: Tomcat Web Server/3.3 Beta 1 ( JSP 1.1; Servlet 2.2 ) > > <head><title>Error: 401</title></head> > <body> > <h1>Error: 401</h1> > <h2>Location: /eda/support/kb/kbsearch.htm</h2> > <b>No detailed message</b><br> > </body> > > from TC4 (v 4.0) the returned stream is: > > http://localhost/eda/support/kb/kbsearch.htm > HTTP/1.1 401 Unauthorized > Server: Microsoft-IIS/4.0 > Date: Sun, 23 Sep 2001 20:08:54 GMT > Connection: close > Content-Type: text/html > Set-Cookie: JSESSIONID=D204B543F210B2E196B391E918A04664;Path=/eda > > <html> > <head> > <title>Tomcat Error Report</title> > </head> > <body bgcolor="white"> > <br><br> > <h1>HTTP Status 401 - Unauthorized</h1> > This request requires HTTP authentication (Unauthorized). > </body> > </html>
