Return-Path: 
 <tomcat-user-return-53402-qmlist-jakarta-archive-tomcat-user=nagoya.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org
Received: (qmail 90123 invoked from network); 14 Feb 2003 11:18:35 -0000
Received: from exchange.sun.com (192.18.33.10)
  by daedalus.apache.org with SMTP; 14 Feb 2003 11:18:35 -0000
Received: (qmail 19445 invoked by uid 97); 14 Feb 2003 11:20:19 -0000
Delivered-To: qmlist-jakarta-archive-tomcat-user@nagoya.betaversion.org
Received: (qmail 19438 invoked from network); 14 Feb 2003 11:20:19 -0000
Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12)
  by nagoya.betaversion.org with SMTP; 14 Feb 2003 11:20:19 -0000
Received: (qmail 88643 invoked by uid 500); 14 Feb 2003 11:18:17 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 88632 invoked from network); 14 Feb 2003 11:18:17 -0000
Received: from unknown (HELO sbk-wa.int.softbank.pl) (212.244.73.178)
  by daedalus.apache.org with SMTP; 14 Feb 2003 11:18:17 -0000
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
Subject: How to enable secured JSP to be cached by browser?
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Fri, 14 Feb 2003 12:18:05 +0100
Message-ID: <0FC256809F478F458D17066738450B3A11F240@sbk-wa.int.softbank.pl>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: How to enable secured JSP to be cached by browser?
Thread-Index: AcLUCyFxKLqfzz/+EdewdQDAT2EJlgAAoDtQAAMiA2A=
From: "Szwajkajzer  Adam" <A.Szwajkajzer@softbank.pl>
To: <tomcat-user@jakarta.apache.org>
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

Hi all.
I'm using Tomcat 4.1.18 (in boundle with JBoss 3.0.5).
My application is configured to use declarative security (FORM based).
Here my problems start.
Each HTTP respons for secured JSP page gets amend by Tomcat.
Additional header Pragma, Cache-Control and Expires entries are inserted
to prevent the page to be locally cached.
I've found on that list it is performed by AuthenticatorBase class and =
was added=20
to prevent security vulnerability.

The problem is with form pages in following scenario:=20
User inserts data, submits form, server returns an application error.=20
User returns to form page but it is reread from server and of course =
it's empty.
(User gets angry while retyping all form data;)

Since the application is only used in intranet it would be acceptable to =
locally cache=20
secured JSP pages.
So, is it possible to switch off  no-cache/expires feature in Tomcat =
4.1.18?

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org