DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=42409>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42409 [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[EMAIL PROTECTED] ------- Additional Comments From [EMAIL PROTECTED] 2007-07-03 15:21 ------- Hi, I would like to add my use case on to the scales. We are using Acegi Security Library for Spring (http://acegisecurity.org/) to perform authentication and authorization tasks in our web application. In essence, it works as a filter, declared in web.xml, and preprocesses the web request. We are using Digest authentication as per RFC 2617, but you might consider using Basic authentication as well. When there is a need to request user credentials, the library ([1]) generates WWW-Authenticate header containing realm name, random nonce value, and other information, and calls httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED), and the rest of the response is generated by the tomcat error page. Now, if I configure my own dynamic or static page for error code 401, the authentication stops working, because the WWW-Authenticate header is lost from the response. Versions: - Tomcat: 5.5.23 - Acegi Security System for Spring: 1.0.4 The relevant Acegi Security source code is method "commence()" of class org.acegisecurity.ui.digestauth.DigestProcessingFilterEntryPoint, lines 104-105 and above ([1]) [1] http://svn.sourceforge.net/viewvc/acegisecurity/tags/release_1_0_4/core/src/main/java/org/acegisecurity/ui/digestauth/DigestProcessingFilterEntryPoint.java?revision=1881&view=markup -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
