tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: Catalina & Welcome Files
Date Sun, 01 Oct 2000 00:34:25 GMT
Paul Lamb wrote:

> I noticed today that with the latest catalina that it doesn't seem to check
> security constraints on welcome files.
> If my welcome file is "app/default.htm", and I have a security constraint on
> /app/* and I request http://localhost, it will return default.htm without
> prompting to login. But if I request http://localhost/app/default.htm then
> it will send the login.

I've asked the spec lead for the servlet spec (Danny Coward) for an
interpretation on this.  Whether the login dialog should be triggered depends on
whether security constraints apply to the original request URI (which is what
Catalina does currently) or the expanded URI.  It's not clear what the right
answer is.

> Paul Lamb

Craig McClanahan

See you at ApacheCon Europe <>!
Session VS01 (23-Oct 13h00-17h00):  Sun Technical Briefing
Session T06  (24-Oct 14h00-15h00):  Migrating Apache JServ
                                    Applications to Tomcat

View raw message