tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 6709] - Images on protected areas have not "Last modified" header
Date Wed, 27 Feb 2002 18:21:52 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6709>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6709

Images on protected areas have not "Last modified" header





------- Additional Comments From patrick.luby@sun.com  2002-02-27 18:21 -------
I believe that there is a very simple way to enable caching of your image files 
without disabling security on the pages that link to those images. This same 
issue came up when we were implmenting the Tomcat admin webapp in the HEAD 
branch. Basically, we left image files out of the security constraint using the 
following entries in the webapp's web.xml:

  <security-constraint>
    <display-name>Tomcat Server Configuration Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>*.jsp</url-pattern>
      <url-pattern>*.do</url-pattern>
      <url-pattern>*.html</url-pattern>
    </web-resource-collection>
    .
    .
    .
  </security-contstraint>

In the above, all of the webapps jsp and html pages as well as all Struts actions 
are protected by the security constraint (and therefore have no-cache set). 
Whereas, all of the webapps image files are not protected by the security 
constraint (and therefore are cached).

Hope that helps,

Patrick

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message