tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 6279] - Resubmit to j_security_check mistakenly fetches a page of that name
Date Fri, 01 Nov 2002 03:19:14 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6279>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6279

Resubmit to j_security_check mistakenly fetches a page of that name





------- Additional Comments From rhoegg@isisnetworks.net  2002-11-01 03:19 -------
This bug is still around in 4.1.12.

Brian: The code you posted and the modification you posted afterward are
difficult to understand.  It is usually standard practice to post patches in
unified diff format (diff -u).

My understanding of the problem is that:
1. We want FormAuthenticator to mirror BasicAuthenticator as closely as possible
from the user's perspective.
2. In BASIC authentication, when a user successfully authenticates and presses
the "back" button, the user is returned to the page she was on before attempting
to access a secured resource.  If the attempt to access the secured resource is
the very first page visited after opening a browser, then the "Back" button is
unavailable.

Number 2 is not reproducible using FormAuthenticator because an extra request is
generated (the request for the login page).  Therefore we must decide on a
desired behavior for this scenario.  Any takers?

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message