tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Crowther <>
Subject RE: post data lost when redirecting from http to https
Date Mon, 03 Mar 2008 14:41:20 GMT
> From: Christopher Schultz []
> Peter Crowther wrote:
> |> From: J. Zach []
> |>
> |> When page2.jsp is secured in web.xml via security-constraint
> |> - transport
> |> confidential, the posted data from page1.jsp is lost on
> |> submit (it's simply missing missing in the request).
> |
> | That's expected:
> No, it's not. Tomcat goes out of its way to save the POST body.Here's
> the code from FormAuthenticator
> This method is called before the login form is shown. Note the special
> case for POST requests.

This is purely for forms authentication, i.e. where Tomcat is logging the user in.  The OP
didn't state either way about forms authentication, and I suspect isn't using it.

This code is not used in other cases, for example when merely redirecting a user to a confidential
(i.e. SSL) resource.

                - Peter

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message