tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Authentication behaviour
Date Tue, 30 Sep 2008 23:27:52 GMT
> From: Maurizio Lotauro
> [mailto:maurizio.lotauro@territoriumonline.com]
> Subject: Authentication behaviour
>
> The server answers with 401 before it has received the
> whole content send from client. In fact it seems that
> the answer become right after the server has received
> the http header.

Looks proper to me for basic authentication.  As soon as the reference to the protected resource
is recognized, the 401 is sent; it's up to the client to resend all the input with the user
credentials on the next request.

Read the HTTP Authentication RFC:
http://tools.ietf.org/html/rfc2617

For synopses, try these:
http://en.wikipedia.org/wiki/Basic_access_authentication
http://en.wikipedia.org/wiki/Digest_access_authentication

If you're using form-based authentication, then the server captures any POST data submitted
with the request, and uses that following successful authentication.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message