The manager and host-manager apps included with Tomcat 7.0.21 are both:
* configured to use BASIC authentication; and
* configured with a custom error page for 401 (unauthenticated) error codes.
However, the customer error page is never used by Tomcat.
tomcat/webapps/[host-]manager/WEB-INF/web.xml has
...
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Tomcat Manager Application</realm-name>
</login-config>
...
<error-page>
<error-code>401</error-code>
<location>/WEB-INF/jsp/401.jsp</location>
</error-page>
The 401.jsp file has lots of useful information that would be helpful to
display to a user if they cancel their browser's BASIC login prompt.
A custom 401.jsp file worked with BASIC in Tomcat 5.5.23.
Is 401.jsp supposed to be used in the manager and host-manager apps?
Or is it a relic that should be removed?
Or is it kept for cases where a different style of authentication is configured
that might use 401.jsp?
I hope I can provide a custom message when a user cancels a BASIC login. The
manager and host-manager apps appear to try to do what I want. But they don't
work.
--
James Manger
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
