Bug 51253

Summary: use_server_errors for status 401 does not forward WWW-Authenticate
Product: Tomcat Connectors Reporter: Rainer Jung <rainer.jung>
Component: isapiAssignee: Tomcat Developers Mailing List <dev>
Severity: normal    
Priority: P2    
Version: 1.2.31   
Target Milestone: ---   
Hardware: PC   
OS: All   

Description Rainer Jung 2011-05-24 08:06:19 UTC
When using server generated error pages (use_server_errors) and status code is 401, we need to forward the original WWW-Authenticate header to the client. For example mod_proxy does it that way.

I fixed the problem in r1126561 for mod_jk / Apache. I didn't yet fix it completely for IIS. There is a new TODO in jk_isapi_plugin.c, see "start_response()". If anyone likes to fix it for ISAPI, there is already parts of the fix in start_response(), but the missing part is described in the following TODO around line 960:

TODO: we need to save a copy of header_values[h]
for later reuse in write_error_message()
which is called later on form HttpExtensionProc
because of use_server_error_pages.

Actually I didn't verify the problem for ISAPI, so that might be a good first step.


Comment 1 Mladen Turk 2011-11-08 18:35:28 UTC
Implemented IIS version of the patch.
Closing the issue.