From: "Bill Barker"
To: "Tomcat Developers List"
Subject: Re: Tomcat 4.x auth issue
Date: Wed, 3 Jul 2002 21:42:24 -0700

I'm hardly a 4.x expert, but this looks like it will solve the major problem.
This fix will still send an Auth to /myapp if you first request
/myapp/protected, but that shouldn't be too much of a problem.

In 5.0, I think that the spec is going to eventually require that we move the
logic to the Mapper, however.

----- Original Message -----
From: "Keith Wannamaker"
To: "Tomcat Developers List"
Sent: Wednesday, July 03, 2002 8:55 PM
Subject: RE: Tomcat 4.x auth issue

> The bugfix turned out to be a one-liner:
>
> Index: SecurityConstraint.java
> ===================================================================
> RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/de
> ploy/SecurityConstraint.java,v
> retrieving revision 1.5
> diff -u -r1.5 SecurityConstraint.java
> --- SecurityConstraint.java 22 Jul 2001 20:25:10 -0000 1.5
> +++ SecurityConstraint.java 4 Jul 2002 02:50:10 -0000
> @@ -455,7 +455,7 @@
>
> // Normalize the argument strings
> if ((path == null) || (path.length() == 0))
> - path = "/";
> + return(false);
> if ((pattern == null) || (pattern.length() == 0))
> pattern = "/";
>
> I'll apply this fix if someone more versed in 4.x approves it.
>
> Keith
>
> | -----Original Message-----
> | From: Keith Wannamaker [mailto:Keith@wannamaker.org]
> | Sent: Wednesday, July 03, 2002 7:34 PM
> | To: Tomcat-Dev@jakarta.apache.org
> | Subject: Tomcat 4.x auth issue
> |
> |
> | Tomcat 4.x has a problem -- it challenges for auth
> | prior to any redirects. This is wrong because it causes
> | most browsers to cache auth info for the entire domain
> | when hitting top-level directories.
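
Review bot: in the `@@ -455,7 +455,7 @@` hunk, the `// Normalize the argument strings` comment no longer describes the `path` branch, which now rejects a null or empty path with `return(false);` while an empty `pattern` is still normalized to `"/"` just below. Please add a comment stating why an empty path must never match, and confirm that callers only see an empty path for a request that will be redirected before any content is served; otherwise a constraint whose pattern is `/` or empty could stop covering such a request. Style: `return false;` without the parentheses.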