tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nicholas Sushkin <nsush...@openfinance.com>
Subject Should Form Authentication Valve restore request body on a PUT?
Date Thu, 29 Sep 2011 19:37:43 GMT
In Tomcat 6, Form Authentication valve restores the original request after a 
POST with successful authentication and redirect is followed by the client's 
GET. In case of the POST, the valve also restores the original request's body. 
However, it doesn't do that for a PUT. If I am not mistaken, it should restore 
the body on PUT as well. Do I misunderstand something?


The patch would be in FormAuthenticator.restoreRequest(Request, Session) [1], 
to change from

    if ("POST".equalsIgnoreCase(saved.getMethod())) { 

to

    if ("POST".equalsIgnoreCase(saved.getMethod()) || 
        "PUT".equalsIgnoreCase(saved.getMethod())
        ) { 

[1] 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?view=markup#l450
-- 
Nicholas Sushkin, Senior Software Engineer, Manager of IT Operations
Open Finance - Secure, Accurate, Industrial Strength Aggregation
<http://www.openfinance.com>
Mime
View raw message