51253 – use_server_errors for status 401 does not forward WWW-Authenticate

Bug 51253 - use_server_errors for status 401 does not forward WWW-Authenticate

Summary: use_server_errors for status 401 does not forward WWW-Authenticate

Status:	RESOLVED FIXED

Alias:	None

Product:	Tomcat Connectors
Classification:	Unclassified
Component:	isapi (show other bugs)
Version:	1.2.31
Hardware:	PC All

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-05-24 08:06 UTC by Rainer Jung
Modified:	2017-09-01 00:20 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Rainer Jung 2011-05-24 08:06:19 UTC

When using server generated error pages (use_server_errors) and status code is 401, we need to forward the original WWW-Authenticate header to the client. For example mod_proxy does it that way.

I fixed the problem in r1126561 for mod_jk / Apache. I didn't yet fix it completely for IIS. There is a new TODO in jk_isapi_plugin.c, see "start_response()". If anyone likes to fix it for ISAPI, there is already parts of the fix in start_response(), but the missing part is described in the following TODO around line 960:

TODO: we need to save a copy of header_values[h]
for later reuse in write_error_message()
which is called later on form HttpExtensionProc
because of use_server_error_pages.

Actually I didn't verify the problem for ISAPI, so that might be a good first step.

Regards,

Rainer

Comment 1 Mladen Turk 2011-11-08 18:35:28 UTC

Implemented IIS version of the patch.
Closing the issue.