tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Crowther <Peter.Crowt...@melandra.com>
Subject RE: post data lost when redirecting from http to https
Date Mon, 03 Mar 2008 14:41:20 GMT
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Peter Crowther wrote:
> |> From: J. Zach [mailto:zach@centrum.cz]
> |>
> |> When page2.jsp is secured in web.xml via security-constraint
> |> - transport
> |> confidential, the posted data from page1.jsp is lost on
> |> submit (it's simply missing missing in the request).
> |
> | That's expected:
>
> No, it's not. Tomcat goes out of its way to save the POST body.Here's
> the code from FormAuthenticator
[elided]
> This method is called before the login form is shown. Note the special
> case for POST requests.

This is purely for forms authentication, i.e. where Tomcat is logging the user in.  The OP
didn't state either way about forms authentication, and I suspect isn't using it.

This code is not used in other cases, for example when merely redirecting a user to a confidential
(i.e. SSL) resource.

                - Peter

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message