Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 58756 invoked from network); 3 Mar 2008 14:35:57 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 3 Mar 2008 14:35:57 -0000 Received: (qmail 14259 invoked by uid 500); 3 Mar 2008 14:35:41 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 14235 invoked by uid 500); 3 Mar 2008 14:35:41 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 14224 invoked by uid 99); 3 Mar 2008 14:35:41 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Mar 2008 06:35:41 -0800 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [76.96.30.24] (HELO QMTA02.emeryville.ca.mail.comcast.net) (76.96.30.24) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Mar 2008 14:35:04 +0000 Received: from OMTA09.emeryville.ca.mail.comcast.net ([76.96.30.20]) by QMTA02.emeryville.ca.mail.comcast.net with comcast id weac1Y00N0S2fkCA200200; Mon, 03 Mar 2008 14:34:38 +0000 Received: from [192.168.1.125] ([68.55.225.178]) by OMTA09.emeryville.ca.mail.comcast.net with comcast id webC1Y0093ra03G8V00000; Mon, 03 Mar 2008 14:35:13 +0000 X-Authority-Analysis: v=1.0 c=1 a=uO2W15Wbxb4A:10 a=mV9VRH-2AAAA:8 a=xe8BsctaAAAA:8 a=EtDzOgVH7MG_sycHn98A:9 a=vfgjmdEE0Ebp8j8SSjIA:7 a=79rlcceURLk-NOENWSYBJBXG5KMA:4 a=rPt6xJ-oxjAA:10 Message-ID: <47CC0C9E.8070806@christopherschultz.net> Date: Mon, 03 Mar 2008 09:35:10 -0500 From: Christopher Schultz User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: post data lost when redirecting from http to https References: <15799796.post@talk.nabble.com> <6715CF65287F8F408DA109EC03AC6C0D03C63AD3E2@puma.melandra.net> In-Reply-To: <6715CF65287F8F408DA109EC03AC6C0D03C63AD3E2@puma.melandra.net> X-Enigmail-Version: 0.95.6 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter, Peter Crowther wrote: |> From: J. Zach [mailto:zach@centrum.cz] |> |> When page2.jsp is secured in web.xml via security-constraint |> - transport |> confidential, the posted data from page1.jsp is lost on |> submit (it's simply missing missing in the request). | | That's expected: No, it's not. Tomcat goes out of its way to save the POST body.Here's the code from FormAuthenticator (see http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java): ~ protected void saveRequest(Request request, Session session) ~ throws IOException { ~ // Create and populate a SavedRequest object for this request ~ SavedRequest saved = new SavedRequest(); ~ Cookie cookies[] = request.getCookies(); ~ if (cookies != null) { ~ for (int i = 0; i < cookies.length; i++) ~ saved.addCookie(cookies[i]); ~ } ~ Enumeration names = request.getHeaderNames(); ~ while (names.hasMoreElements()) { ~ String name = (String) names.nextElement(); ~ Enumeration values = request.getHeaders(name); ~ while (values.hasMoreElements()) { ~ String value = (String) values.nextElement(); ~ saved.addHeader(name, value); ~ } ~ } ~ Enumeration locales = request.getLocales(); ~ while (locales.hasMoreElements()) { ~ Locale locale = (Locale) locales.nextElement(); ~ saved.addLocale(locale); ~ } ~ if ("POST".equalsIgnoreCase(request.getMethod())) { ~ ByteChunk body = new ByteChunk(); ~ body.setLimit(request.getConnector().getMaxSavePostSize()); ~ byte[] buffer = new byte[4096]; ~ int bytesRead; ~ InputStream is = request.getInputStream(); ~ while ( (bytesRead = is.read(buffer) ) >= 0) { ~ body.append(buffer, 0, bytesRead); ~ } ~ saved.setContentType(request.getContentType()); ~ saved.setBody(body); ~ } ~ saved.setMethod(request.getMethod()); ~ saved.setQueryString(request.getQueryString()); ~ saved.setRequestURI(request.getRequestURI()); ~ // Stash the SavedRequest in our session for later use ~ session.setNote(Constants.FORM_REQUEST_NOTE, saved); ~ } This method is called before the login form is shown. Note the special case for POST requests. There is a caveat: there is a maximum size for the POST request. Jan, how big is the POST request that you are attempting to submit across the authentication boundary? The default maxPostSize for both the HTTP and AJP connectors is 2MiB. Are you seeing any messages in your catalina.out when you lose this data? It doesn't look like FormAuthenticator cares about HTTP versus HTTPS, but the saved request goes into the session, so perhaps you are losing your session during this process? Try adding some logging to make sure that the session id is consistent. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfMDJ4ACgkQ9CaO5/Lv0PAAowCgon8oikEdG3AWbmJVE7pmrhSp M58AnRNlOWcdEGU9GmMDUX5UCdhI1RRr =f8pY -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org