https://bz.apache.org/bugzilla/show_bug.cgi?id=65635
--- Comment #5 from Werner Daehn <werner.da...@googlemail.com> --- I had that sitting as enhancement for more than a year without a single comment. Not returning proper error messages could be considered a bug, especially when it is at something as important as security and when the fix is rather simple (unless I am mistaken). The changes I would do is a ...throws LoginException https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/Realm.java#L83 and in https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/authenticator/FormAuthenticator.java#L244 catch the exception and add it to forwardToErrorPage() as attribute. I just do not feel qualified making the code changes with all the accompanying processes myself. And obviously the other auth methods should take benefit as as well. I am just trying to help making tomcat better, not to create waves. Your decision. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
