Tags: java, tomcat, jetty, basic-authentication

HTTP Basic Authentication: Tomcat vs Jetty


I'm using a (simple) basic authentication within my servlet which works well for the Jetty 7.6 server but with Tomcat 6.0.35 I'm getting an error while trying to send the unauthorized response to show the username/password form in browser:

java.lang.IllegalStateException
org.apache.catalina.connector.ResponseFacade.sendError(ResponseFacade.java:421)

The code in my servlet looks like this:

response.setHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);

The error occurs on line two of the code sample. I'm not using the <security-constraint> in the web.xml. It should be a very, very simple authentication.

Any idea why Tomcat is not working but Jetty is?


Solution

  • Ensure:

    1. You do not have any filters that are producing output before your servlet runs
    2. You are only calling response.setStatus/response.sendError one time during the request
    3. You aren't flushing the response buffer

    Any of the above can commit the response before you were expecting it.
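
The checklist above, as an added example that is not part of the original question or answer: a servlet that sends the Basic challenge exactly once and checks response.isCommitted() first, because sendError() throws IllegalStateException once the response has been committed. The class name, realm and credentials are constructed for illustration, and java.util.Base64 assumes a Java 8 or newer runtime.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class BasicAuthServlet extends HttpServlet {
    private static final String REALM = "example";              // assumed realm name
    private static final byte[] EXPECTED =                       // constructed demo credentials
            "demo-user:demo-pass".getBytes(StandardCharsets.UTF_8);

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        if (!isAuthorized(request.getHeader("Authorization"))) {
            challenge(response);
            return; // one status per request, and nothing is written after it
        }
        response.setContentType("text/plain");
        response.getWriter().println("authenticated");
    }

    // Returns true only for a well-formed "Basic <base64(user:pass)>" header that matches.
    static boolean isAuthorized(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return false;
        }
        try {
            byte[] supplied = Base64.getDecoder().decode(header.substring(6).trim());
            // isEqual does not stop at the first differing byte
            return MessageDigest.isEqual(supplied, EXPECTED);
        } catch (IllegalArgumentException malformedBase64) {
            return false; // undecodable credentials are treated as missing
        }
    }

    private void challenge(HttpServletResponse response) throws IOException {
        if (response.isCommitted()) {
            // A filter wrote output or the buffer was flushed: headers are already sent,
            // so the 401 cannot be delivered. Log it and return without serving content.
            log("Response committed before auth check; 401 challenge not sent");
            return;
        }
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + REALM + "\"");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
```

If the log line appears, the cause is upstream of the servlet (a filter producing output or an explicit flush), which is where the checklist says to look.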