tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Authentication behaviour
Date Thu, 09 Oct 2008 18:16:20 GMT
Hash: SHA1


Maurizio Lotauro wrote:
> On 6 Oct 2008 at 14:58, Christopher Schultz wrote:
>> Is it a problem to get this 401 before the request is complete?
> In my case it was a problem because the receive of the server response trigger an "end
> operation" state. Then the repeat of the transmission implicitly interrupt the previous
> Internally it works asyncronous, and this behaviour breaks its state diagram.

If you are writing network code, you need to handle disconnects at any time.

>> That's a reasonable interpretation of the spec, but obviously not
>> a practical one.
> Even omitting "and interpreting"?

Sure. The server can interpret part of the request and respond whenever
it wants. Here's another good example: some servers have a file-size
upload limit. If the server were required to process the entire file
upload before rejecting it (based upon the Content-Length header), DOS
attacks would be trivial to mount against any web server.

> Anyway, as said I my client now is able to handle this situation. The point I wanted
only raise 
> up was what IMHO doesn't fully adhere to the rfc 2616. Maybe other clients can have the

> same problem.

I think my file upload example is a compelling one. I'm glad you were
able to update your client.

- -chris
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla -


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message