I'm running jboss-3.2.7 and need to use a custom 401 error page with my servlets. But by doing so, I don't get a dialog box asking me to authenticate and it immediately errors out and displays the custom 401 page. If I comment out the following from my web.xml, <error-page> | <error-code>401</error-code> | <location>/unauth.jsp</location> | </error-page> then I properly get the dialog box prompting me to log in, but the default Tomcat/5.0.30 error page is used. After doing some cURL tests, I noticed that when I use a custom 401 error page, I lose the WWW-Authentication header that is passed via: resp.setHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\""); | resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); Searching the Internet shows that this could be a bug in many versions of Tomcat. Is there a fix or work-around for this bug? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4218467#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...