tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Form Authentication and Cache-Control
Date Tue, 16 Jul 2013 16:46:18 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Jan,

On 7/16/13 3:55 AM, Jan Vávra wrote:
> I've solved my problem. The correct attitude is to have all
> contexts unauthenticated and only few restrict. In my case
> restricted urls are /index.jsp, /admin/*, /user/*
> 
> In the original web.xml I had all contexts restricted and static
> context /common/* was masked out. Although the /common/* was not
> under authetication, Tomcat was adding the Cache-Control: private,
> Expires: 1.1.1970 headers. So I personally think this is a bug.

No, you told Tomcat that the entire site was under a security
constraint. The fact that you didn't have any required roles was
irrelevant. The cache-control headers are added for
security-constrained resources.

Tomcat is behaving properly.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJR5XjZAAoJEBzwKT+lPKRYGt4QALeNapyXezWDsn0jEl7Oyd1S
a9mA89Ovc13nQiZF/ys/dmX4U9MsbzbBBArPmQaWzbdqZjcp2WlhUVgCmfA7mD33
8wAgE5M56R8uXm7NA2tDdrLX3jAYHrbG2TRO0x7rQZQIkNC9tEiAl1xCyDdiYehm
i3X3oH9ujluf7f/ducgTkr0NpYBL0SNjoi5DmBVws7ke5tbkLrY+zvPfwd/h9q5J
WenOI1MKJh7OHw6MVToe346f6ERdT85fc4UG4kaKEwq0cwak4JXyLr+PG9dsoMUQ
SoWS05adtYNZHRCfSTDdrmuv5CPch5/oP6AEQI3Y338+zsDo13aS/N2FRwFNygUB
kwzvP7HIEetT4VjpHSg21X9x0c6lqHlpHkQQjj9ZW6FY+af4Io/J0joihVMWTpfe
2zYpu5ZCRxPPd0j39YS2vc+9aV7eRmxEjpSIGbJbKqEQolTk3fN8Wqcug3pcKkNL
rcXx2d0c28obqIY5SkiLn676NAzXXTa5g5zXVt/08tBcouLv/dXfILwKe7Gg9cWn
jGe46l4XrGzvXugNemLv6eBKDZ5HGIfCeHzmO47E2X2UOY/+xUVqAh7npMcMWrUg
inZcOmtqKcALJcLI276R0d2z2qJnE4Wv//NlfdZBLVZZWhV8GDCQ0nKLaSF6FSET
QwDfaEHUXJKIa1onK7Yy
=OXjQ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message