Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Avoiding tomcat status report

I am trying to return a 401 error code from a webapp to trigger a basic authentication process, but tomcat is hijacking the response to display its status report page. Is there a way to prevent tomcat from doing this and let the error code go all the way to the browser?

UPDATE My mistake: I forgot the WWW-Authenticate header

like image 600
Maurice Perry Avatar asked Aug 04 '09 05:08

Maurice Perry


2 Answers

Setting the response status to 401 will only tell the browser "forbidden", and tomcat will display the error page. It will not in itself trigger the authentication process.

To trigger auth, you need to add another header to the response:

httpResponse.setHeader("WWW-Authenticate", "Basic realm=\"MyApp\"");

where "MyApp" is the name of your desired HTTP auth realm. Add that header, and the browser will popup an auth dialog and retry the request.

You should be aware that tomcat will still have sent the error page along with the headers, it's just that the browser won't display it as long as the response contains the auth header.

like image 86
skaffman Avatar answered Sep 28 '22 10:09

skaffman


Unhappy with the default error pages that come with Tomcat ? You can define your own custom error pages in your web.xml file. In the example shown below, we define 2 web pages -- server_error.html and file_not_found.html -- which will be displayed when the server encounters an error 500 or an error 404 respectively.

<error-page>
    <error-code>500</error-code>
    <location>/server_error.html</location>
</error-page>
<error-page>
    <error-code>404</error-code>
    <location>/file_not_found.html</location>
</error-page>   

You should bear in mind, however, that the order of the tags for the web.xml file is very important. If the order in your web.xml file is incorrect, Tomcat will output errors on startup

source: http://linux-sxs.org/internet_serving/c581.html

like image 23
Peter Avatar answered Sep 28 '22 09:09

Peter