tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Francois Arcand <jfarc...@apache.org>
Subject Re: Tomcat, other AppServer and ServletSpec_2.3
Date Tue, 14 Sep 2004 19:03:34 GMT
Hi,

Tomcat behaviour is the right one (I've sopken with the spec lead). File 
a bug against your Container (or move to Tomcat :-) )

Thanks

-- Jeanfrancois

anton.grimm@de.man-mn.com wrote:
> 
> 
> 
> I recognized a behaviour in Tomcat (version 4.1.29) and would like to no if
> you
> think this behaviour is a requirement to confirm to the servlet-spec-2.3.
> 
> The reason for this question is that our production environment uses
> another
> appserver than tomcat (sorry for that!) which does not behave as expected.
> The
> support is (of course) of the opinion they do confirm to the spec.
> 
> My question is about the following feature:
> 
> An application which uses container security with form-based login secures
> a certain
> url (in my case a struts action). If I send a request for this url using
> HttpPost and the
> user-session is not(!) already authenticated Tomcat preserves the request
> parameters
> of the recent request after successfull authentication.
> 
> This is not true for our production environment.
> 
> Reading the servlet-spec-2.3 I find the following:
> 
> ###
> 
> J2EE.12.5.3.1 Login Form Notes
> 
> ...
> 
> </form>
> 
> If the form based login is invoked because of an HTTP request, the original
> request parameters must be preserved by the container for use if, on
> successful
> authentication, it redirects the call to the requested resource.
> 
> ###
> 
> What do you think?
> 
> Regards,
> 
> A. Grimm
> 
> ---------------------------------------------------------------
> Anton Grimm
> MAN Nutzfahrzeuge AG
> IDP - Software Produktionsumgebungen
> Dachauerstr.667
> D - 80995 M√ľnchen
> 
> Fon:       +49-89-1580-1054
> Fax:       +49-89-1580-4550
> mailto:    Anton_Grimm@de.man-mn.com
> Internet: http://www.man-trucks.com
> ---------------------------------------------------------------
> 
> 
> 
> This message and any attachments are confidential and may be privileged or otherwise
protected from disclosure.
> If you are not the intended recipient, please telephone or email the sender and delete
this message and any attachment
> from your system. If you are not the intended recipient, you must not copy this message
or attachment or disclose the
> contents to any other person.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message