Geek Answers Handbook

Avoiding tomcat status report

I am trying to return error code 401 from webapp to start the basic authentication process, but tomcat captures the response to display the status report page. Is there a way to prevent tomcat from being used and leave the error code completely in the browser?

UPDATE My mistake: I forgot the WWW-Authenticate header

+5
source share
5 answers

Setting the response status to 401 will only indicate โ€œforbiddenโ€ to the browser, and tomcat will display the error page. It alone does not initiate the authentication process.

To start authentication, you need to add another header to the response:

httpResponse.setHeader("WWW-Authenticate", "Basic realm=\"MyApp\"");

"MyApp" - HTTP. , auth .

, tomcat , , , auth.

+5

, Tomcat? web.xml. 2 - - server_error.html file_not_found.html - , 500 404 .

<error-page>
    <error-code>500</error-code>
    <location>/server_error.html</location>
</error-page>
<error-page>
    <error-code>404</error-code>
    <location>/file_not_found.html</location>
</error-page>

, web.xml . web.xml , Tomcat

: http://linux-sxs.org/internet_serving/c581.html

+3

Tomcat , , , . , 200. , 401. , , .

, , , , HTTP- 401. , error-page node web.xml. JSP, , .

<error-page>
    <error-code>401</error-code>
    <location>/my401.jsp</location>
</error-page>
+3

100% , . 401.html , . , , 401.jsp :

<%  
 String realmName = "A nice name to show as the title of on the pop-up";  
 response.setHeader("WWW-Authenticate","Basic realm=\"" + realmName + "\"");  
 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);  
 %>

coderanch.com .

, , web.xml :

<!-- Internal server error. -->
   <error-page>
    <error-code>500</error-code>
    <location>/errors/500.html</location>
   </error-page>

  <!-- Not found. --> 
  <error-page>
    <error-code>404</error-code>
    <location>/errors/404.html</location>
  </error-page>

  <!-- Unauthorized. -->
  <error-page>
    <error-code>401</error-code>
    <location>/errors/401.jsp</location>
  </error-page>

401.jsp :

<%  
 String realmName = "A nice name to show as the title of on the pop-up";  
 response.setHeader("WWW-Authenticate","Basic realm=\"" + realmName + "\"");  
 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);  
 %>  
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>401 Unauthorized</title>
<meta name="description" content="The server has not found anything matching the Request-URI.">
<style type="text/css">
body {background-color:ffffff;background-image:url(http://);background-repeat:no-repeat;background-position:top left;background-attachment:fixed;}
h3{font-family:Arial;color:000000;}
p {font-family:Arial;font-size:14px;font-style:normal;font-weight:normal;color:000000;}
</style>
</head>
<body>
<h3>401 Unauthorized</h3>
<p>The request requires authentication.</p>
</body>
</html>
+1

login-config, security-constraint security-role web.xml ? :

<login-config>

  <auth-method>FORM</auth-method>

  <realm-name>Your-Name</realm-name>

  <form-login-config>

    <form-login-page>/login.jsp</form-login-page>

    <form-error-page>/error_login.xhtml</form-error-page>

  </form-login-config>

</login-config>


<security-constraint>

   <web-resource-collection>

      <web-resource-name>Some-Name</web-resource-name>

      <url-pattern>/path/to/directory/*</url-pattern>

   </web-resource-collection>

   <auth-constraint>

      <role-name>USER</role-name>

      <role-name>ADMIN</role-name>

   </auth-constraint>   

 </security-constraint>


 <security-role>

    <description>Role for all users</description>

    <role-name>USER</role-name>

 </security-role>


 <security-role>

    <description>role for all admins</description>

    <role-name>ADMIN</role-name>

 </security-role>

So that users who want to visit your / path / to / directory / or any of its subdirectories will need to log in. Access will be granted only if the user has the USER or ADMIN role. You can even install this in the root directory so that all users are logged in first.

0
source

More articles:


All Articles