tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From michael-o <...@git.apache.org>
Subject [GitHub] tomcat pull request #98: Fix for BZ62048
Date Fri, 15 Jun 2018 19:15:16 GMT
Github user michael-o commented on a diff in the pull request:

    https://github.com/apache/tomcat/pull/98#discussion_r195838254
  
    --- Diff: java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java ---
    @@ -173,6 +177,36 @@ protected String add(HttpServletRequest request,String name,
             return stringWriter.toString();
         }
     
    +    /**
    +     * Log out by invalidating the current session and sending 401
    +     * in order to prompt user for new login upon next access.
    +     *
    +     * @param request The Servlet request
    +     * @param response The Servlet response
    +     */
    +    protected void logout(HttpServletRequest request, HttpServletResponse response) throws
IOException {
    +        response.setHeader("WWW-Authenticate","Basic realm=\"Login required\"");
    --- End diff --
    
    I don't like this because you assume from within the code that the auth mech is basic
which is not always true.


---

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message