Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 4F597200D50 for ; Mon, 4 Dec 2017 21:54:19 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 4DCBF160BF9; Mon, 4 Dec 2017 20:54:19 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 94A58160BF7 for ; Mon, 4 Dec 2017 21:54:18 +0100 (CET) Received: (qmail 57789 invoked by uid 500); 4 Dec 2017 20:54:17 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 57779 invoked by uid 99); 4 Dec 2017 20:54:17 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Dec 2017 20:54:17 +0000 Received: from mail-ot0-f175.google.com (mail-ot0-f175.google.com [74.125.82.175]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id D6ED21A009B for ; Mon, 4 Dec 2017 20:54:16 +0000 (UTC) Received: by mail-ot0-f175.google.com with SMTP id e74so15964689ote.7 for ; Mon, 04 Dec 2017 12:54:16 -0800 (PST) X-Gm-Message-State: AJaThX60iLGYj0uxEXXCIjNy2GOyS1qTGZrm2ZkcxS00f3oZQJjOPWt7 E71rbr7ickqPIb7tVo6KLmbhRyfTvNedf3oAB8g= X-Google-Smtp-Source: AGs4zMYTZtQU1hvurpQUI7D2KrbwH+7CUR66GQ/lg7Hz6FZLLVhtCC/5QLeCx8UxEV2DCGS1KAy75wapGCUXwtRyBjQ= X-Received: by 10.157.86.215 with SMTP id b23mr17057030otj.152.1512420854990; Mon, 04 Dec 2017 12:54:14 -0800 (PST) MIME-Version: 1.0 Received: by 10.157.10.231 with HTTP; Mon, 4 Dec 2017 12:54:14 -0800 (PST) In-Reply-To: <75ac0a88-5928-1ed7-9d2a-0422dc76e9ac@apache.org> References: <20171204165913.229803A00AF@svn01-us-west.apache.org> <05e26dc4-138d-79ea-7bea-299a8abeacfc@apache.org>

<75ac0a88-5928-1ed7-9d2a-0422dc76e9ac@apache.org> From: =?UTF-8?Q?R=C3=A9my_Maucherat?= Date: Mon, 4 Dec 2017 21:54:14 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r1817105 - in /tomcat/trunk: java/org/apache/catalina/core/ApplicationPushBuilder.java webapps/docs/changelog.xml To: Tomcat Developers List Content-Type: multipart/alternative; boundary="94eb2c09226ed00e9a055f89eb1c" archived-at: Mon, 04 Dec 2017 20:54:19 -0000 --94eb2c09226ed00e9a055f89eb1c Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Dec 4, 2017 at 9:22 PM, Mark Thomas wrote: > On 04/12/17 19:50, Mark Thomas wrote: > > On 04/12/17 18:03, R=C3=A9my Maucherat wrote: > > > > >> Another "feature" that looks almost impossible to implement I guess. > > > > Hmm. I only read the first part of the Javadoc. I'm not really sure wha= t > > the second part is getting at with "... a container generated token..."= . > > I'll have a look back at the archive to see if there was any EG > > discussion on this point. > > That second part was part of the original proposal and there was never > any discussion about what it actually meant. > > Thinking about it, I think we could do the following and be spec complian= t: > > - Set a header e.g. "Authorization: x-push" > - Copy the authenticated Principal from the base request to the > pushTarget > > That meets the requirements: > - "an Authorization header will be set with a container generated token" > - "result in equivalent Authorization for the pushed request" > > The spec does imply that it is the token that results in authorization > but it doesn't actually mandate it. I think there is enough flexibility > in the wording that the above would be OK. > > Thoguhts? > > Indeed, it doesn't say that it has to be an autorization header that woul= d normally work, only a token. R=C3=A9my --94eb2c09226ed00e9a055f89eb1c--