Avoiding tomcat status report

Question

I am trying to return a 401 error code from a webapp to trigger a basic authentication process, but tomcat is hijacking the response to display its status report page. Is there a way to prevent tomcat from doing this and let the error code go all the way to the browser?

UPDATE My mistake: I forgot the WWW-Authenticate header

Answer 1

Setting the response status to 401 will only tell the browser "forbidden", and tomcat will display the error page. It will not in itself trigger the authentication process.

To trigger auth, you need to add another header to the response:

httpResponse.setHeader("WWW-Authenticate", "Basic realm=\"MyApp\"");

where "MyApp" is the name of your desired HTTP auth realm. Add that header, and the browser will popup an auth dialog and retry the request.

You should be aware that tomcat will still have sent the error page along with the headers, it's just that the browser won't display it as long as the response contains the auth header.

Answer 2

Unhappy with the default error pages that come with Tomcat ? You can define your own custom error pages in your web.xml file. In the example shown below, we define 2 web pages -- server_error.html and file_not_found.html -- which will be displayed when the server encounters an error 500 or an error 404 respectively.

<error-page>
    <error-code>500</error-code>
    <location>/server_error.html</location>
</error-page>
<error-page>
    <error-code>404</error-code>
    <location>/file_not_found.html</location>
</error-page>   

You should bear in mind, however, that the order of the tags for the web.xml file is very important. If the order in your web.xml file is incorrect, Tomcat will output errors on startup

source: http://linux-sxs.org/internet_serving/c581.html