Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 36C82950E for ; Sun, 5 Feb 2012 21:15:35 +0000 (UTC) Received: (qmail 40971 invoked by uid 500); 5 Feb 2012 21:15:32 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 40763 invoked by uid 500); 5 Feb 2012 21:15:31 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 40754 invoked by uid 99); 5 Feb 2012 21:15:30 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 05 Feb 2012 21:15:30 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jessh@ptc.com designates 12.11.148.84 as permitted sender) Received: from [12.11.148.84] (HELO irp2.ptc.com) (12.11.148.84) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 05 Feb 2012 21:15:22 +0000 X-IronPort-AV: E=Sophos;i="4.73,366,1325480400"; d="scan'208";a="106446104" Received: from hq-ex3fe3.ptcnet.ptc.com ([132.253.201.67]) by irp2.ptc.com with ESMTP; 05 Feb 2012 16:14:58 -0500 Received: from [10.196.0.173] ([132.253.201.117]) by hq-ex3fe3.ptcnet.ptc.com with Microsoft SMTPSVC(6.0.3790.4675); Sun, 5 Feb 2012 16:15:10 -0500 Message-ID: <4F2EF15D.8060805@ptc.com> Date: Sun, 05 Feb 2012 15:15:09 -0600 From: Jess Holle User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 MIME-Version: 1.0 To: Christopher Schultz CC: Tomcat Users List , =?UTF-8?B?QW5kcsOpIFdhcm4=?= =?UTF-8?B?aWVy?= Subject: Re: [somewhat OT] Form Authentication POST data not preserved? References: <4F2C64E0.4060504@ptc.com> <4F2C655A.7030804@ptc.com> <4F2C66C2.7000100@ptc.com> <4F2D78A1.8000103@christopherschultz.net> <4F2DC3F6.4000108@ptc.com> <4F2E8791.3000209@ptc.com> <4F2E9B4F.9080804@ptc.com> <4F2EA38F.4060904@ptc.com> <4F2EB084.2000905@ptc.com> <4F2EC497.6090709@ice-sa.com> <4F2EC915.7010203@ptc.com> <4F2EEC49.10000@christopherschultz.net> In-Reply-To: <4F2EEC49.10000@christopherschultz.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 05 Feb 2012 21:15:10.0511 (UTC) FILETIME=[3E423BF0:01CCE44B] On 2/5/2012 2:53 PM, Christopher Schultz wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Jess, > > On 2/5/12 1:23 PM, Jess Holle wrote: >> Certainly this is an optional / quality of implementation feature. >> I'm perfectly aware that other form-based authentication solutions >> will not save POST data and may even fail to replay requests at >> all. That's fine and good. The application design is not >> dependent on this behavior. Rather, Tomcat documentation says this >> should work and it doesn't -- that's the issue. > FWIW, SecurityFilter also provides similar capabilities. I'd be > shocked if this wasn't industry-wide capability for servlet containers. I was considering form-based authentication on an even broader basis -- as one can do this in the web server as instead of in the servlet engine. That said, yes, most solutions do cover this base -- and Tomcat says it does, but doesn't if you use an AJP connector. Fortunately the fix is trivial to patch in. -- Jess Holle --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org