Hi Yoav,

if I add this to the deployment description, the my401ProcessingServlet would be called after
an error-code 401 occurred. But as this servlet is part of the container, too, it won't be able to
send the same error 401 to the client - the container would catch this error and call
my401ProcessingServlet again and again. And this error is necessary because only then the
browser knows that it has to repeat the authentication.


(What we *want* to do is to send the 401 error back to the client so that the browser is forced
to repeat the authentication (popping up the login window) to allow the user to change his
actual login. The joke is that this actually worked under Tomcat 3.2 and with the former
Servlet API 2.2, but not under Tomcat 4.1.18 and the Servlet API 2.3.)


In other words: it seems that I can *not* do whatever I want under the new Servlet API 2.3,
because the new Tomcat engine masks all errors >= 400 to a self-constructed HTML page.
Only during the authentication phase of the realm are errors like 401 sent to the client
normally. I still hope that there is a standard-conforming way for servlets to force the container to
send HTTP errors to the client - or at least to inform the authentication realm that the current
authentication should be invalidated and repeated (without automatically accepting the already
used authentication data).


Oliver Schönwald
FernUniversität Hagen - LVU Entwicklungsgruppe
University Hagen - Education and Knowledge Space: Virtual University, Development Task Force


Shapira, Yoav wrote:

Howdy,
How about adding this to your web.xml:

<error-page>
 <error-code>401</error-code>
 <location>/my401ProcessingServlet</location>
</error-page>

Then do whatever you want in the servlet you map to the /my401ProcessingServlet url-pattern.

Yoav Shapira
Millennium ChemInformatics




-----Original Message-----
From: Oliver Schoenwald [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 4:18 AM
To: Tomcat Users List
Subject: Configuring Tomcat 4.1.18 to handle 401 http errors

Good morning!

Some days ago I already asked a question regarding this context, but I had some time to
dive a bit into the Servlet API 2.3 Specification. So far, it seems that the specification states
that the container, not the servlet, is the layer attached to the client. And the container,
not the servlet, controls which HTTP errors created by a servlet within the container
are handled, mapped and sent back to the client, and how.

Some digging in the Catalina source code retrieved that in "HttpResponseBase.java" there is
a method finishResponse where the handling of every HTTP error >= 400 is hard-coded to be
transformed into a simple, valid HTML page with a plainly written error summary.

However, we need the HTTP error 401 to be sent 'as is' to the client. It doesn't have to be
directly, but the container should not catch this error and create an HTML page out of it.

Does someone know how I can achieve this? Or has the Servlet API changed the communication
protocol so far that this is just no longer possible without violating the standard?
In that case, how SHOULD a servlet invalidate the current authentication so that the currently
buffered authentication data (buffered by the client/browser) are no longer accepted and the
browser is forced to ask the user again for authentication?




Thank you in advance,



Oliver Schönwald




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-- Oliver Schönwald, Diplom-Informatiker

Entwicklungsgruppe Lernraum Virtuelle Universität - FernUniversität Hagen
Universitätsstr.21/AVZ - 58084 Hagen
Fon: +49 2331 987 1721 - Fax: +49 2331 987
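
Added example, not part of the original thread and not Tomcat's own code: one way a servlet can issue the Basic challenge itself with setStatus() instead of sendError(), so the <error-page> mapping discussed above is not invoked. The class name, realm name, session attribute and redirect target are assumptions, the servlet is assumed to sit behind a BASIC security-constraint, and it has not been tested against Tomcat 4.1.18.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical servlet: challenges the browser until it returns with a different user. */
public class ReloginServlet extends HttpServlet {
    // Assumption: must equal <realm-name> in web.xml <login-config>; otherwise the
    // browser treats the challenge as a separate protection space.
    private static final String REALM = "Example Realm";
    private static final String PREVIOUS_USER = "relogin.previousUser"; // hypothetical key

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession session = req.getSession(true);
        String current = req.getRemoteUser();          // user the container authenticated
        String previous = (String) session.getAttribute(PREVIOUS_USER);

        if (previous != null && current != null && !previous.equals(current)) {
            // The browser came back with different credentials. Drop the session so
            // the old user's state is not carried over to the new login.
            session.invalidate();
            resp.sendRedirect(req.getContextPath() + "/"); // hypothetical landing page
            return;
        }

        // First visit, or the same credentials were sent again: remember who is
        // logged in and answer with a 401 challenge.
        session.setAttribute(PREVIOUS_USER, current == null ? "" : current);
        resp.setHeader("WWW-Authenticate", "Basic realm=\"" + REALM + "\"");
        // setStatus(), not sendError(): sendError() is the call that routes the
        // response to an <error-page>.
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // Write our own body so the response is not empty when the container
        // finishes it.
        resp.setContentType("text/plain");
        resp.getWriter().println("Please log in again with the account you want to use.");
    }
}
```

If the user re-enters the same credentials, the servlet challenges again, so the prompt repeats until a different login is supplied or the dialog is cancelled.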
