tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anton.gr...@de.man-mn.com
Subject Tomcat, other AppServer and ServletSpec_2.3
Date Tue, 14 Sep 2004 11:00:27 GMT




I recognized a behaviour in Tomcat (version 4.1.29) and would like to no if
you
think this behaviour is a requirement to confirm to the servlet-spec-2.3.

The reason for this question is that our production environment uses
another
appserver than tomcat (sorry for that!) which does not behave as expected.
The
support is (of course) of the opinion they do confirm to the spec.

My question is about the following feature:

An application which uses container security with form-based login secures
a certain
url (in my case a struts action). If I send a request for this url using
HttpPost and the
user-session is not(!) already authenticated Tomcat preserves the request
parameters
of the recent request after successfull authentication.

This is not true for our production environment.

Reading the servlet-spec-2.3 I find the following:

###

J2EE.12.5.3.1 Login Form Notes

...

</form>

If the form based login is invoked because of an HTTP request, the original
request parameters must be preserved by the container for use if, on
successful
authentication, it redirects the call to the requested resource.

###

What do you think?

Regards,

A. Grimm

---------------------------------------------------------------
Anton Grimm
MAN Nutzfahrzeuge AG
IDP - Software Produktionsumgebungen
Dachauerstr.667
D - 80995 M√ľnchen

Fon:       +49-89-1580-1054
Fax:       +49-89-1580-4550
mailto:    Anton_Grimm@de.man-mn.com
Internet: http://www.man-trucks.com
---------------------------------------------------------------



This message and any attachments are confidential and may be privileged or otherwise protected
from disclosure. 
If you are not the intended recipient, please telephone or email the sender and delete this
message and any attachment 
from your system. If you are not the intended recipient, you must not copy this message or
attachment or disclose the 
contents to any other person.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message