История изменений
Исправление alchemist, (текущая версия) :
By default, if the user cancels login or gives the wrong
password 3 times, they'll see Tomcat's ugly error page. You'd
like to use your own customized page, so you add something
like:
<error-page>
<error-code>401</error-code>
<location>/errors/401.jsp</location>
</error-page>
But this doesn't work. The user will see your customized
page, but they never get asked to log in!
The problem is that 401 is both the signal that authorization
failed, AND the signal for the browser to ask for your
username and password. When you add your own error page for
this, the 401 doesn't get sent back.
The solution is to add these lines near the top of your
401.jsp:
response.addHeader("WWW-Authenticate", "BASIC realm=\"My Web Site\"");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
(For the "realm", use the value that's in your web.xml file.)
Исправление alchemist, :
By default, if the user cancels login or gives the wrong password 3 times, they'll see Tomcat's ugly error page. You'd like to use your own customized page, so you add something like:
<error-page> <error-code>401</error-code> <location>/errors/401.jsp</location> </error-page>
But this doesn't work. The user will see your customized page, but they never get asked to log in!
The problem is that 401 is both the signal that authorization failed, AND the signal for the browser to ask for your username and password. When you add your own error page for this, the 401 doesn't get sent back.
The solution is to add these lines near the top of your 401.jsp:
response.addHeader(«WWW-Authenticate», «BASIC realm=\„My Web Site\“»); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
(For the «realm», use the value that's in your web.xml file.)
Исходная версия alchemist, :
By default, if the user cancels login or gives the wrong
password 3 times, they'll see Tomcat's ugly error page. You'd
like to use your own customized page, so you add something
like:
<error-page>
<error-code>401</error-code>
<location>/errors/401.jsp</location>
</error-page>
But this doesn't work. The user will see your customized
page, but they never get asked to log in!
The problem is that 401 is both the signal that authorization
failed, AND the signal for the browser to ask for your
username and password. When you add your own error page for
this, the 401 doesn't get sent back.
The solution is to add these lines near the top of your
401.jsp:
response.addHeader("WWW-Authenticate", "BASIC realm=\"My Web Site\"");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
(For the "realm", use the value that's in your web.xml file.)