tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Lunnon" <>
Subject RE: How to enable secured JSP to be cached by browser?
Date Sun, 16 Feb 2003 01:38:24 GMT

Even if you could do this (and it is not recommended!!!) the caching is not
going to solve the problem, each browser implements its own and different
caching policy.

The better way to do this is populate the form before the data is
re-displayed to the user (a two phase approach).
Scriplet may look like this

somebean Bean = null;	// bean used to read/write the form data
String enteredParam = null;
boolean haveEntered = false; // set to true if the user has entered form

enteredParam = "":
if (haveEntered == true) {
	enteredParam = somebean.getEnteredValue();
<input type="text" name="thing" value="<%=enteredParam%>">

Hope this helps

-----Original Message-----
From: Szwajkajzer Adam []
Sent: Friday, 14 February 2003 10:18 PM
Subject: How to enable secured JSP to be cached by browser?

Hi all.
I'm using Tomcat 4.1.18 (in boundle with JBoss 3.0.5).
My application is configured to use declarative security (FORM based).
Here my problems start.
Each HTTP respons for secured JSP page gets amend by Tomcat.
Additional header Pragma, Cache-Control and Expires entries are inserted
to prevent the page to be locally cached.
I've found on that list it is performed by AuthenticatorBase class and was
to prevent security vulnerability.

The problem is with form pages in following scenario:
User inserts data, submits form, server returns an application error.
User returns to form page but it is reread from server and of course it's
(User gets angry while retyping all form data;)

Since the application is only used in intranet it would be acceptable to
locally cache
secured JSP pages.
So, is it possible to switch off  no-cache/expires feature in Tomcat 4.1.18?

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message