tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Costin Manolache <Costin.Manola...@eng.sun.com>
Subject Re: Bug in basic HTTP authentication/resource protection in Tomcat 3.1?
Date Thu, 20 Jul 2000 19:32:59 GMT
Jonathan Eric Miller wrote:

> Yeah, but it's running the same servlet. I didn't even know that
> SnoopServlet/ was a valid URL. IMHO, this should be changed. If it isn't I
> doubt that I will be the only one that makes this mistake.

It is a valid URL - even if it runs the same servlet ( with "/" as pathInfo ).




> If it weren't for the fact that I accidentally typed the extra /, I would
> have a gaping whole in my application that I didn't even know about.
>
> It isn't really a problem with the resource protection, it's that
> SnoopServlet shouldn't get run if there is a trailing /.

Sorry about that, but that's perfectly correct behavior. Same
happen with CGIs or any other system.

It doesn't happen for JSPs because the spec doesn't allow pathInfo
for extension mapped servlets.

Costin


Mime
View raw message