1 Reply Latest reply on Oct 28, 2009 11:54 AM by Daniel Pocock

    error-page for 401 not working

    Daniel Pocock Newbie
      I'm using HTTP basic authentication (not form-based authentication) configured in web.xml.

      When the user fails to authenticate, I want to display a help page, using the <error-page> directive.

      However, I've found that the error page is sent without the 401 status code - so the browser never prompts the user to authenticate in the first place.

      What do I need to put in my Facelets code to tell it to return the page with the 401 code?

      |<error-page>
        <error-code>401</error-code>
        <location>/badPassword.xhtml</location>
      </error-page>

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>secureZone</web-resource-name>
          <url-pattern>/secure-pages/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>admin</role-name>
        </auth-constraint>
      </security-constraint>

      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>seam-app</realm-name>
      </login-config>
      |
        • 1. Re: error-page for 401 not working
          Daniel Pocock Newbie

          Actually, it is sending the 401 status code - the reason the browser doesn't prompt the user is because the error-page is sent without the WWW-Authenticate header.


          The only workaround I can think of is to create a simple JSP that includes my help text and also adds the headers to the response - but I would prefer to do it with the correct Seam/Facelets approach.