tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jess Holle <>
Subject Re: [somewhat OT] Form Authentication POST data not preserved?
Date Sun, 05 Feb 2012 21:15:09 GMT
On 2/5/2012 2:53 PM, Christopher Schultz wrote:
> Hash: SHA1
> Jess,
> On 2/5/12 1:23 PM, Jess Holle wrote:
>> Certainly this is an optional / quality of implementation feature.
>> I'm perfectly aware that other form-based authentication solutions
>> will not save POST data and may even fail to replay requests at
>> all.  That's fine and good.  The application design is not
>> dependent on this behavior. Rather, Tomcat documentation says this
>> should work and it doesn't -- that's the issue.
> FWIW, SecurityFilter also provides similar capabilities. I'd be
> shocked if this wasn't industry-wide capability for servlet containers.
I was considering form-based authentication on an even broader basis -- 
as one can do this in the web server as instead of in the servlet engine.

That said, yes, most solutions do cover this base -- and Tomcat says it 
does, but doesn't if you use an AJP connector.

Fortunately the fix is trivial to patch in.

Jess Holle

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message