Return-Path: 
 <tomcat-dev-return-35781-apmail-jakarta-tomcat-dev-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-dev-archive@www.apache.org
Received: (qmail 16300 invoked from network); 25 Oct 2003 16:22:50 -0000
Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12)
  by minotaur-2.apache.org with SMTP; 25 Oct 2003 16:22:50 -0000
Received: (qmail 27011 invoked by uid 500); 25 Oct 2003 16:22:37 -0000
Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org
Received: (qmail 26877 invoked by uid 500); 25 Oct 2003 16:22:37 -0000
Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-dev-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-dev-help@jakarta.apache.org>
List-Post: <mailto:tomcat-dev@jakarta.apache.org>
List-Id: "Tomcat Developers List" <tomcat-dev.jakarta.apache.org>
Reply-To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Received: (qmail 26864 invoked from network); 25 Oct 2003 16:22:36 -0000
Received: from unknown (HELO exchange.sun.com) (192.18.33.10)
  by daedalus.apache.org with SMTP; 25 Oct 2003 16:22:36 -0000
Received: (qmail 21406 invoked by uid 50); 25 Oct 2003 16:25:48 -0000
Date: 25 Oct 2003 16:25:48 -0000
Message-ID: <20031025162548.21405.qmail@nagoya.betaversion.org>
From: bugzilla@apache.org
To: tomcat-dev@jakarta.apache.org
Cc: 
Subject: DO NOT REPLY [Bug 23970]  -
    form-based authentication and SSL, general principles
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23970>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23970

form-based authentication and SSL, general principles





------- Additional Comments From adam.hardy@cyberspaceroad.com  2003-10-25 16:25 -------
All I want to do is encrypt a login form but not the pages the
security-constraint protects.

It's all well and good that the spec says such-and-such, but what you are
ignoring is that fact that this change in TC5 is effectively taking away a
large, significant piece functionality from a large, significant percentage of
the people out there using TC. 

There are probably hundreds if not thousands of TC4 users out there doing what I
want to do in TC5 but can't.

It also implies that you (or rather the people who wrote the spec) expect that
other application server providers, i.e. IBM and BEA etc, will be willing to do
this to their users too, which is obviously a false assumption.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org