tomcat-users mailing list archives

From Ben Walding
Subject Enabling browser caching of (BASIC) authenticated pages (including page expiry and 304 responses to conditional gets)
Date Wed, 24 Apr 2002 08:40:35 GMT
I would like the ability to be able to enable browser caching of pages 
that are authenticated (for instance with BASIC authentication).  At 
present, AuthenticatorBase prevents this from occurring.

Why do I want this?

1. I like being able to use container based "security" (realms and 
security-constraints) as it makes development simpler.

2. The content of my site does not need to be truly secure, just 
passworded. This is a conscious decision I have made.

Why can't I do this (without hacking the source)?

org.apache.catalina.authenticator.AuthenticatorBase prevents this by 
adding headers (Pragma: No-cache, Cache-Control: no-cache, Expires: 1 
(1970ish)) to the HttpResponse, disabling my ability to set expiry times 
and return 304 statuses (and stops the browser from caching 
effectively).  This adds significantly to the overhead for my site 
(which is an electronic photoalbum where the photos are served via 
servlets) - most users are on modems and the imposition of 15 x 5k 
thumbnails is excessive and unnecessary.

I've removed these lines from my Tomcat, but this does not represent a 
viable long-term solution.  I didn't even realise that caching was 
disabled until I went searching through to determine why expiry wasn't 
working.  I'm sure there are others out there in this situation.


I'm not sure.  I think this behaviour should be optional (and probably 
on the SecurityConstraint), but I couldn't see anywhere appropriate 
within security-constraint dtd to put this kind of option. I believe it 
should also be configurable at a per servlet level, although the added 
security that this gives is minimal.

In the meantime, I'll just have to "fix" AuthenticatorBase.

If this is a feature request somewhere, let me know, otherwise I'll file 
a feature request into the bug database.

(BTW, the photoalbum works really well (quickly) now as it understands 
conditional gets and can send 304s and appropriate expiry times.) Thanks 
Jakarta (especially Tomcat!).

Any comments (including the comment - you are an idiot - do this...)
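
The conditional-GET exchange the message describes, as an added example that is not part of the original post and is not Tomcat's code: it models the response headers in plain Java (no servlet API) and uses `Cache-Control: private` so the user's browser can cache and revalidate while shared proxy caches do not store authenticated content. The class name, `respond`, `MAX_AGE_SECONDS` and the sample timestamp are assumptions made for illustration.

```java
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.time.temporal.ChronoUnit;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

public class PrivateCacheDemo {
    // Hypothetical policy: how long the browser may reuse a thumbnail without asking.
    static final int MAX_AGE_SECONDS = 3600;
    // HTTP-date (IMF-fixdate) format, always expressed in GMT.
    static final DateTimeFormatter HTTP_DATE = DateTimeFormatter
            .ofPattern("EEE, dd MMM yyyy HH:mm:ss 'GMT'", Locale.ENGLISH)
            .withZone(ZoneOffset.UTC);

    /** Fills {@code headers} and returns the status for a GET of an authenticated resource. */
    static int respond(String ifModifiedSince, Instant lastModified, Map<String, String> headers) {
        // HTTP dates have one-second resolution, so compare at that resolution.
        Instant modified = lastModified.truncatedTo(ChronoUnit.SECONDS);
        // "private": the user's own browser may cache, shared proxy caches may not store it.
        headers.put("Cache-Control", "private, max-age=" + MAX_AGE_SECONDS);
        headers.put("Last-Modified", HTTP_DATE.format(modified));
        if (ifModifiedSince != null) {
            try {
                Instant since = HTTP_DATE.parse(ifModifiedSince.trim(), Instant::from);
                if (!modified.isAfter(since)) {
                    return 304; // Not Modified: headers only, no body
                }
            } catch (DateTimeParseException e) {
                // Malformed validator: ignore it and fall through to a full response.
            }
        }
        return 200;
    }

    public static void main(String[] args) {
        Instant photoModified = Instant.parse("2002-04-24T08:40:35Z"); // constructed sample value
        Map<String, String> first = new LinkedHashMap<>();
        int status1 = respond(null, photoModified, first);          // first visit
        Map<String, String> second = new LinkedHashMap<>();
        int status2 = respond(first.get("Last-Modified"), photoModified, second); // revalidation
        System.out.println(status1 + " " + first);
        System.out.println(status2 + " " + second);
    }
}
```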


