tomcat-users mailing list archives

From Jan Vávra <va...@602.cz>
Subject Re: Form Authentication and Cache-Control
Date Tue, 16 Jul 2013 07:55:25 GMT
Hi.
  I've solved my problem. The correct attitude is to have all contexts 
unauthenticated and restrict only a few. In my case the restricted URLs are 
/index.jsp, /admin/*, /user/*

In the original web.xml I had all contexts restricted and the static context 
/common/* was masked out. Although /common/* was not under 
authentication, Tomcat was adding the Cache-Control: private, Expires: 
1.1.1970 headers.
So I personally think this is a bug.

Thanks to Christopher Schultz who gave me a clue.

Jan.



> ===========
> My app has these parts
> /*          - common authenticated content
> /user/* - content for user
> /admin/* - content for admin
> /common/* - common unauthenticated static content like images, css, etc
>
> My web.xml
>
> <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>MyApp</web-resource-name>
>       <url-pattern>/*</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>myapp-admin-role</role-name>
>       <role-name>myapp-user-role</role-name>
>     </auth-constraint>
>   </security-constraint>
>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>MyApp</web-resource-name>
>       <url-pattern>/admin/*</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>myapp-admin-role</role-name>
>     </auth-constraint>
>   </security-constraint>
>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>MyApp</web-resource-name>
>       <url-pattern>/user/*</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>myapp-user-role</role-name>
>     </auth-constraint>
>   </security-constraint>
>
>   <!-- do not authenticate common -->
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>MyApp</web-resource-name>
>       <url-pattern>/common/*</url-pattern>
>     </web-resource-collection>
>   </security-constraint>
>
>
>   <login-config>
>     <auth-method>FORM</auth-method>
>     <form-login-config>
>       <form-login-page>/login.jsp</form-login-page>
>       <form-error-page>/login_failed.jsp</form-error-page>
>     </form-login-config>
>   </login-config>
>
>   <security-role>
>      <role-name>myapp-admin-role</role-name>
>    </security-role>
>    <security-role>
>      <role-name>myapp-user-role</role-name>
>   </security-role>
>
>
> Jan.
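
The constraint layout described in the reply above, written out as an added example (not part of the original message): only /index.jsp, /admin/* and /user/* are constrained, so /common/* no longer matches any security-constraint. Role names and URL patterns come from the quoted web.xml; the web-resource-name values and the roles allowed on /index.jsp are assumptions.

```xml
<!-- Added example, placed inside <web-app>. The <login-config> and
     <security-role> elements from the quoted web.xml stay unchanged. -->

<!-- No constraint on /* or /common/*: every path not listed below is
     served without authentication. -->

<!-- Assumption: /index.jsp keeps both roles, as /* had in the original. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>MyApp-index</web-resource-name>
    <url-pattern>/index.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>myapp-admin-role</role-name>
    <role-name>myapp-user-role</role-name>
  </auth-constraint>
</security-constraint>

<!-- Admin area: admin role only. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>MyApp-admin</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>myapp-admin-role</role-name>
  </auth-constraint>
</security-constraint>

<!-- User area: user role only. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>MyApp-user</web-resource-name>
    <url-pattern>/user/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>myapp-user-role</role-name>
  </auth-constraint>
</security-constraint>
```

This layout is default-allow: any path added to the application later is public until a constraint lists it, so new protected areas need their own security-constraint.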

