tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Tomcat, other AppServer and ServletSpec_2.3
Date Tue, 14 Sep 2004 11:00:27 GMT

I recognized a behaviour in Tomcat (version 4.1.29) and would like to no if
think this behaviour is a requirement to confirm to the servlet-spec-2.3.

The reason for this question is that our production environment uses
appserver than tomcat (sorry for that!) which does not behave as expected.
support is (of course) of the opinion they do confirm to the spec.

My question is about the following feature:

An application which uses container security with form-based login secures
a certain
url (in my case a struts action). If I send a request for this url using
HttpPost and the
user-session is not(!) already authenticated Tomcat preserves the request
of the recent request after successfull authentication.

This is not true for our production environment.

Reading the servlet-spec-2.3 I find the following:


J2EE. Login Form Notes



If the form based login is invoked because of an HTTP request, the original
request parameters must be preserved by the container for use if, on
authentication, it redirects the call to the requested resource.


What do you think?


A. Grimm

Anton Grimm
MAN Nutzfahrzeuge AG
IDP - Software Produktionsumgebungen
D - 80995 M√ľnchen

Fon:       +49-89-1580-1054
Fax:       +49-89-1580-4550

This message and any attachments are confidential and may be privileged or otherwise protected
from disclosure. 
If you are not the intended recipient, please telephone or email the sender and delete this
message and any attachment 
from your system. If you are not the intended recipient, you must not copy this message or
attachment or disclose the 
contents to any other person.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message