tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nicholas Sushkin <>
Subject Re: Should Form Authentication Valve restore request body on a PUT?
Date Thu, 06 Oct 2011 23:35:16 GMT
Ok, traced the 403 to DefaultServlet being readonly, which is somehow relevant 
during login form forward.

On Thursday, October 06, 2011 18:27:13 Nicholas Sushkin wrote:
> I found out that in Tomcat 6.0 trunk, if user is not authentication and app
> is configured for FORM authentication, POST and GET requests return 200 and
> the login form, but PUT returns 403 and error page. What might explain the
> difference in handling PUT?
> I tried to run in debugger, but it wasn't immediately obvious.
> forwardToLoginPage is called in all cases, but there is some difference in
> the way dispatcher processes the forward.
Nicholas Sushkin, Senior Software Engineer, Manager of IT Operations
Open Finance - Secure, Accurate, Industrial Strength Aggregation
View raw message