tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <r...@apache.org>
Subject Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm RealmBase.java
Date Wed, 02 Mar 2005 21:32:51 GMT
Jan Luehe wrote:
> Bill/Remy,
> 
> But SRV.9.10 ("Welcome Files") already has this:
> 
>   The container may send the request to the welcome resource with
>   a forward, a redirect, or a container specific mechanism
>   **that is indistinguishable from a direct request**.
> 
> The latter to me implies that any sec constraints must be applied
> to the mapped welcome page (if any).

The plot thickens.

> Also, see the attached diffs, in particular:
> 
> -        String uri = request.getDecodedRequestURI();
> -        String contextPath = hreq.getContextPath();
> -        if (contextPath.length() > 0)
> -            uri = uri.substring(contextPath.length());
> +        String uri = request.getRequestPathMB().toString();
> 
> in findSecurityConstraints().
> 
> When accessing <host>:<port>:/somecontext/,
> which has welcome page /somecontext/index.jsp,
> 
> request.getDecodedRequestURI() returns "/somecontext/",
> whereas request.getRequestPathMB().toString() returns
> "/index.jsp" (as set by the mapper), so there already is a precedent
> in findSecurityConstraints() to match sec constraints against
> welcome page, which I think makes sense.

Right. However, when I made that commit, the current mapper behavior may 
not have been in place already, or maybe it's simply that I thought the 
two would be equivalent (I was busy optimizing at the time). I don't 
quite remember ;)

Rémy

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message