Version 4

    BasicAuthValve (4.0.3+)

     

    An org.jboss.web.tomcat.security.BasicAuthValve that exposes the JAAS login exception found in the SecurityAssociation exception data has been bundled with the Tomcat service. It has two attributes that control how the exception information is added to the response:

     

    • useExceptionAsMsg : A flag that indicates whether the exception message should be set as the HTTP response message.

    • exceptionHeader : A string that, if set, is the name of the header that should be populated with the exception message.

     

    For this context.xml:

    <Context cookies="true" crossContext="true">
       <Valve className="org.jboss.web.tomcat.security.BasicAuthValve"
          useExceptionAsMsg="false" exceptionHeader="X-Exception" ></Valve>
    </Context>
    

     

    the resulting wget output is:

    [starksm@banshee9100 tomcat]$ wget -S --http-user=admin --http-passwd=bad http://localhost:8080/jmx-console/index.html
    --19:38:18--  http://localhost:8080/jmx-console/index.html
               => `index.html'
    Resolving localhost... 127.0.0.1
    Connecting to localhost[127.0.0.1]:8080... connected.
    HTTP request sent, awaiting response...
     1 HTTP/1.1 401 Unauthorized
     2 Server: Apache-Coyote/1.1
     3 Pragma: No-cache
     4 Cache-Control: no-cache
     5 Expires: Wed, 31 Dec 1969 16:00:00 PST
     6 WWW-Authenticate: Basic realm="JBoss JMX Console"
     7 X-Exception: Password Incorrect/Password Required
     8 Content-Type: text/html;charset=utf-8
     9 Content-Length: 952
    10 Date: Thu, 22 Sep 2005 02:38:18 GMT
    11 Connection: keep-alive
    Authorization failed.
    

     

    For this context.xml:

    <Context cookies="true" crossContext="true">
       <Valve className="org.jboss.web.tomcat.security.BasicAuthValve"
          useExceptionAsMsg="true" exceptionHeader="X-Exception" ></Valve>
    </Context>
    

     

    the resulting wget output is:

    [starksm@banshee9100 tomcat]$ wget -S --http-user=admin --http-passwd=bad http://localhost:8080/jmx-console/index.html
    --19:39:09--  http://localhost:8080/jmx-console/index.html
               => `index.html'
    Resolving localhost... 127.0.0.1
    Connecting to localhost[127.0.0.1]:8080... connected.
    HTTP request sent, awaiting response...
     1 HTTP/1.1 401 Password Incorrect/Password Required
     2 Server: Apache-Coyote/1.1
     3 Pragma: No-cache
     4 Cache-Control: no-cache
     5 Expires: Wed, 31 Dec 1969 16:00:00 PST
     6 WWW-Authenticate: Basic realm="JBoss JMX Console"
     7 X-Exception: Password Incorrect/Password Required
     8 Content-Type: text/html;charset=utf-8
     9 Content-Length: 1060
    10 Date: Thu, 22 Sep 2005 02:39:09 GMT
    11 Connection: keep-alive
    Authorization failed.
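
The two responses above differ only in the status line, so a script can tell from a captured response where the valve is placing the login exception message. The following is an added example, not part of the original page or of JBoss code; it parses `wget -S` style header lines, and the function names and the constructed sample input are assumptions.

```python
import re
from http import HTTPStatus

# Constructed samples: header lines in the numbered form `wget -S` printed above.
MSG_FALSE = """\
HTTP request sent, awaiting response...
 1 HTTP/1.1 401 Unauthorized
 6 WWW-Authenticate: Basic realm="JBoss JMX Console"
 7 X-Exception: Password Incorrect/Password Required
Authorization failed.
"""
MSG_TRUE = MSG_FALSE.replace("401 Unauthorized",
                             "401 Password Incorrect/Password Required")

_NUM = re.compile(r"^\s*\d+\s+")          # wget's per-header line number
_STATUS = re.compile(r"^HTTP/\d\.\d\s+(\d{3})\s*(.*)$")


def parse_response(text):
    """Return (status, reason, headers) from wget -S style output."""
    status, reason, headers = None, "", {}
    for raw in text.splitlines():
        line = _NUM.sub("", raw).strip()
        m = _STATUS.match(line)
        if m:  # a new status line starts a new response (e.g. after a retry)
            status, reason, headers = int(m.group(1)), m.group(2).strip(), {}
        elif status is not None and ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, reason, headers


def valve_exposure(text, exception_header="X-Exception"):
    """Report where the login exception message appears in the response."""
    status, reason, headers = parse_response(text)
    if status is None:
        raise ValueError("no HTTP status line found")
    try:
        standard = HTTPStatus(status).phrase
    except ValueError:      # non-standard code: cannot compare the phrase
        standard = reason
    return {
        "status": status,
        "message_in_status_line": reason.lower() != standard.lower(),
        "header_value": headers.get(exception_header.lower()),
    }


if __name__ == "__main__":
    for sample in (MSG_FALSE, MSG_TRUE):
        print(valve_exposure(sample))
```

Pass a different `exception_header` when the valve is configured with a header name other than `X-Exception`.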
    

     
