DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3823>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3823 sendError and setStatus clear headers already set Summary: sendError and setStatus clear headers already set Product: Tomcat 4 Version: 4.0 Final Platform: All OS/Version: All Status: NEW Severity: Blocker Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] > I have installed TC4 and have it working. > > I am moving an app that worked fine under TC3.3. > > My problem is that when I call: > > > res.setHeader("WWW-Authenticate", BASIC realm=\"" + domain +"\"); > rese.sendError(res.SC_UNAUTHORIZED); > > in my servlet the authenticate header is stripped from the > result. (examples follow) > This occurs whether I make the request through IIS (actually > PWS) or to TC directly via port 8080 The problem appears to be in org.apache.catalina.core.StandardWrapperValve.status() This is run to respond to status messages but it calls org.apache.catalina.connector.HttpResponseBase.reset(int status, String message) which in turn calls HttpResponse.reset() HttpResponseBase already resets the content or headers appropriately for the API methods called. status() does it again (in what I assume is a "let's be sure it was done" kind of way) but according to the spec that isn't appropriate. The spec doesn't specify that HttpResponse.sendError(int status) must clear the headers only that it must clear the buffer and set any appropriate headers. The spec does specify that HttpResponse.sendError(int status, String message) and HttpResponse.setStatus(int status) should return any headers already set. I believe the following would changes would restore spec compliance (at the risk of breaking what else I don't know) org.apache.catalina.connector.HttpResponseBase.reset(int status, String message) method to call resetBuffer() rather than reset() org.apache.catalina.core.StandardWrapperValve.custom(req, res, errorpage) on line 481 to call hres.resetBuffer() rather than hres.reset()
