After some more code-reading I found the problem. Looking at the implementation 
of response.sendError in TC5, it's clear that it dumps whatever headers you 
added prior to the call. Changing this to setStatus fixed the problem. I assume 
this means that Tomcat doesn't get a chance to render its custom 401 page, but 
I might be speculating.

I'd appreciate if someone shed some light on which way the code below should be 
implemented (setStatus/sendError/something else?) in various versions of Tomcat.

Thx
dB.

dB. @ dblock.org 
Moscow|Geneva|Seattle|New York



-----Original Message-----
From: dB. [mailto:dbl...@dblock.org] 
Sent: Tuesday, November 02, 2010 4:55 PM
To: Tomcat Users List
Subject: RE: Tomcat 5.5: how does one configure an authenticator valve?

Thanks for your help. I should have done this (logging) in the first place, 
sorry. The filter is invoked properly. 
The new problem is that the headers aren't added (or sent to the client). The 
code looks like this:

    response.addHeader("WWW-Authenticate", "Negotiate");
    response.addHeader("WWW-Authenticate", "NTLM");
    response.setHeader("Connection", "close");
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    response.flushBuffer();

This is executed for sure (put a logging statement in front of it) but has no 
effect, the response looks like a boilerplate 401. 
Where did my WWW-Authenticate headers and "Connection: close" go? (Maybe it 
helps, it does work in 6.x).

Thx
dB.

PS: you're looking at some intermediate waffle check-in, the namespace was 
renamed at some point, it's waffle.apache.

dB. @ dblock.org 
Moscow|Geneva|Seattle|New York


-----Original Message-----
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
Sent: Tuesday, November 02, 2010 8:39 AM
To: Tomcat Users List
Subject: Re: Tomcat 5.5: how does one configure an authenticator valve?

2010/11/2 dB. <dbl...@dblock.org>:
> I am trying to help someone with a Tomcat 5.5 implementation of waffle 
> (waffle.codeplex.com). It has authenticator valve that works well with tc6.
> I declare a valve inside the web app:
>
> Context.xml
>
> <?xml version='1.0' encoding='utf-8'?>
> <Context>
>   <Valve className="waffle.apache.NegotiateAuthenticator"
>          principalFormat="fqn" roleFormat="both" />
>   <Realm className="waffle.apache.WindowsRealm" />
> </Context>
>

Note that META-INF/context.xml (case matters!) is copied to 
$CATALINA_BASE\conf\Catalina\localhost\<yourapp>.xml when the web application 
starts for the first time. You can have a stale copy there.

I would suggest that you enable more detailed logging.

Something like adding the following line to conf/logging.properties:
waffle.apache.NegotiateAuthenticator.level=FINE

BTW, the waffle docs say "waffle.apache.NegotiateAuthenticator", but in the 
source code it is "waffle.tomcat.NegotiateAuthenticator", i.e.
a different package

http://waffle.codeplex.com/SourceControl/changeset/view/52761#1097376


Are there any interesting messages in the log files already?

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
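
A client-side check for the symptom discussed in this thread (a 401 that arrives without the WWW-Authenticate and Connection headers), as an added example that is not part of the original messages. The sample responses are constructed, and the function names are hypothetical.

```python
# Added example: verify that a raw 401 response carries the expected challenge headers.
EXPECTED_SCHEMES = ("Negotiate", "NTLM")

# Constructed sample responses, not captured from a real server.
GOOD_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    "Connection: close\r\n"
    "Content-Length: 0\r\n\r\n"
)
BOILERPLATE_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "Content-Length: 28\r\n\r\n"
    "<html>HTTP Status 401</html>"
)

def parse_response(raw):
    """Return (status, headers); headers maps lower-cased name -> list of values."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition("\r\n")
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:  # repeated headers (two WWW-Authenticate lines) are all kept
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(status_line.split()[1]), headers

def offered_schemes(headers):
    """Auth schemes offered, whether sent as separate headers or comma-joined.
    Simplification: commas inside quoted parameter values are not handled."""
    schemes = []
    for value in headers.get("www-authenticate", []):
        for part in value.split(","):
            token = part.strip().split(" ", 1)[0]
            if token and "=" not in token:  # skip auth-params such as realm="x"
                schemes.append(token)
    return schemes

def check_challenge(raw):
    """Return a list of problems; an empty list means the challenge is intact."""
    status, headers = parse_response(raw)
    problems = [] if status == 401 else ["status is %d, expected 401" % status]
    offered = {s.lower() for s in offered_schemes(headers)}
    problems += ["missing WWW-Authenticate: " + s
                 for s in EXPECTED_SCHEMES if s.lower() not in offered]
    conn = [t.strip().lower() for v in headers.get("connection", []) for t in v.split(",")]
    if "close" not in conn:
        problems.append("missing Connection: close")
    return problems
```

Feeding it the raw bytes of the server's reply (decoded as text) shows at a glance whether the container replaced the filter's response with its own error page.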

