Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@www.apache.org Received: (qmail 15341 invoked from network); 14 Sep 2004 11:01:05 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 14 Sep 2004 11:01:05 -0000 Received: (qmail 24653 invoked by uid 500); 14 Sep 2004 11:00:53 -0000 Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 24600 invoked by uid 500); 14 Sep 2004 11:00:52 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 24587 invoked by uid 99); 14 Sep 2004 11:00:52 -0000 X-ASF-Spam-Status: No, hits=0.1 required=10.0 tests=MIME_QP_LONG_LINE,NO_REAL_NAME X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: local policy) Received: from [151.136.100.137] (HELO wgate2.mn.man.de) (151.136.100.137) by apache.org (qpsmtpd/0.28) with ESMTP; Tue, 14 Sep 2004 04:00:48 -0700 Received: by wgate2.mn.man.de (8.11.6p2G/8.11.6) id i8EB0gf17532 for tomcat-dev@jakarta.apache.org; Tue, 14 Sep 2004 13:00:42 +0200 (CEST) Received: (from localhost) by wgate2.mn.man.de (MSCAN) id 3/wgate2.mn.man.de/smtp-gw/mscan; Tue Sep 14 13:00:42 2004 Subject: Tomcat, other AppServer and ServletSpec_2.3 To: tomcat-dev@jakarta.apache.org X-Mailer: Lotus Notes Release 6.5 September 26, 2003 Message-ID: Date: Tue, 14 Sep 2004 13:00:27 +0200 From: anton.grimm@de.man-mn.com MIME-Version: 1.0 X-MIMETrack: Serialize by Router on MMMAIL004/SRV/MAN_Nutzfahrzeuge(Release 6.0.3|September 18, 2003) at 14.09.2004 13:00:26, Itemize by SMTP Server on MNDEMUCHUB003/SRV/MAN_Nutzfahrzeuge(Release 6.5.1|January 21, 2004) at 14.09.2004 13:00:28, Serialize by Router on MNDEMUCHUB003/SRV/MAN_Nutzfahrzeuge(Release 6.5.1|January 21, 2004) at 14.09.2004 13:00:33, Serialize complete at 14.09.2004 13:00:33 Content-transfer-encoding: quoted-printable Content-type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N I recognized a behaviour in Tomcat (version 4.1.29) and would like to no if you think this behaviour is a requirement to confirm to the servlet-spec-2.3. The reason for this question is that our production environment uses another appserver than tomcat (sorry for that!) which does not behave as expected. The support is (of course) of the opinion they do confirm to the spec. My question is about the following feature: An application which uses container security with form-based login secures a certain url (in my case a struts action). If I send a request for this url using HttpPost and the user-session is not(!) already authenticated Tomcat preserves the request parameters of the recent request after successfull authentication. This is not true for our production environment. Reading the servlet-spec-2.3 I find the following: ### J2EE.12.5.3.1 Login Form Notes ... If the form based login is invoked because of an HTTP request, the original request parameters must be preserved by the container for use if, on successful authentication, it redirects the call to the requested resource. ### What do you think=3F Regards, A. Grimm --------------------------------------------------------------- Anton Grimm MAN Nutzfahrzeuge AG IDP - Software Produktionsumgebungen Dachauerstr.667 D - 80995 M=FCnchen Fon: +49-89-1580-1054 Fax: +49-89-1580-4550 mailto: Anton=5FGrimm@de.man-mn.com Internet: http://www.man-trucks.com --------------------------------------------------------------- This message and any attachments are confidential and may be privileged or o= therwise protected from disclosure. If you are not the intended recipient, please telephone or email the sender = and delete this message and any attachment from your system. If you are not the intended recipient, you must not copy t= his message or attachment or disclose the contents to any other person. --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org