tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Lunnon" <b...@mirrim.com.au>
Subject RE: How to enable secured JSP to be cached by browser?
Date Sun, 16 Feb 2003 01:38:24 GMT
Adam,

Even if you could do this (and it is not recommended!!!) the caching is not
going to solve the problem, each browser implements its own and different
caching policy.

The better way to do this is populate the form before the data is
re-displayed to the user (a two phase approach).
Scriplet may look like this

<%
somebean Bean = null;	// bean used to read/write the form data
String enteredParam = null;
boolean haveEntered = false; // set to true if the user has entered form
data
%>

<%
enteredParam = "":
if (haveEntered == true) {
	enteredParam = somebean.getEnteredValue();
}
%>
<input type="text" name="thing" value="<%=enteredParam%>">

Hope this helps

Bill
-----Original Message-----
From: Szwajkajzer Adam [mailto:A.Szwajkajzer@softbank.pl]
Sent: Friday, 14 February 2003 10:18 PM
To: tomcat-user@jakarta.apache.org
Subject: How to enable secured JSP to be cached by browser?


Hi all.
I'm using Tomcat 4.1.18 (in boundle with JBoss 3.0.5).
My application is configured to use declarative security (FORM based).
Here my problems start.
Each HTTP respons for secured JSP page gets amend by Tomcat.
Additional header Pragma, Cache-Control and Expires entries are inserted
to prevent the page to be locally cached.
I've found on that list it is performed by AuthenticatorBase class and was
added
to prevent security vulnerability.

The problem is with form pages in following scenario:
User inserts data, submits form, server returns an application error.
User returns to form page but it is reread from server and of course it's
empty.
(User gets angry while retyping all form data;)

Since the application is only used in intranet it would be acceptable to
locally cache
secured JSP pages.
So, is it possible to switch off  no-cache/expires feature in Tomcat 4.1.18?

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message