Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 28257 invoked from network); 9 Dec 2010 20:07:43 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 9 Dec 2010 20:07:43 -0000 Received: (qmail 12812 invoked by uid 500); 9 Dec 2010 20:07:39 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 12748 invoked by uid 500); 9 Dec 2010 20:07:39 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 12739 invoked by uid 99); 9 Dec 2010 20:07:39 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Dec 2010 20:07:39 +0000 X-ASF-Spam-Status: No, hits=0.7 required=10.0 tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [76.96.59.212] (HELO qmta14.westchester.pa.mail.comcast.net) (76.96.59.212) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Dec 2010 20:07:32 +0000 Received: from omta18.westchester.pa.mail.comcast.net ([76.96.62.90]) by qmta14.westchester.pa.mail.comcast.net with comcast id h1kV1f0031wpRvQ5E87CGG; Thu, 09 Dec 2010 20:07:12 +0000 Received: from [192.168.1.201] ([69.143.109.145]) by omta18.westchester.pa.mail.comcast.net with comcast id h87B1f00938FjT13e87B5g; Thu, 09 Dec 2010 20:07:11 +0000 Message-ID: <4D0136F1.5090305@christopherschultz.net> Date: Thu, 09 Dec 2010 15:07:13 -0500 From: Christopher Schultz User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6 MIME-Version: 1.0 To: Tomcat Users List Subject: Re: enforcing SSL only for external clients References: <4CFE8A8C.9000102@ice-sa.com> <4CFEB6F3.1000509@ice-sa.com> <99C8B2929B39C24493377AC7A121E21F9A09B2F087@USEA-EXCH8.na.uis.unisys.com> <4CFFD13E.5060605@christopherschultz.net> <4D00003C.8020806@ice-sa.com> <4D000337.9080905@christopherschultz.net> <4D000D8F.4030406@ice-sa.com> <4D010AFE.9090105@christopherschultz.net> <4D0124E3.70301@ice-sa.com> In-Reply-To: <4D0124E3.70301@ice-sa.com> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 André, On 12/9/2010 1:50 PM, André Warnier wrote: > Assume that the upload URL in question is handled by an application > requiring HTTPS. > And assume that the web application requires some form of user > authentication. Ok. > Are you telling me that if a user connects for the first time to the > site using this "upload URL", Tomcat is going to read the entire POST > request prior to checking if this user is authenticated ? It might not even need to be an upload URL. If the authenticator rejects the request, or even if the application rejects the request for some reason, I believe there's a loop in the Tomcat code before shutting everything down that looks something like this: while(in.read()) ; That means that you can hold-up a thread as long as you can keep sending data. I'm not sure what happens if the servlet explicitly closes the input stream... clearly Tomcat can't drain it once it's closed. I may be wrong -- this used to be the behavior; it may have changed since then. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0BNvEACgkQ9CaO5/Lv0PC5YwCeIzI4s/DEqStd1oftm/AZ/GY3 +RQAmwb5Jq6ZvCH4855VSlez/fxzqvCM =sjH1 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org