2011/9/2 Mabry Tyson :
> Summary: When requiring form authentication, Tomcat responds to an
> unauthenticated GET request with an HTTP status code of 200 (OK) and the
> login page.
> I believe that to be in violation of the HTTP standards.
>
> The problem: Software makes a GET request to a web serv
Jess,
On 9/1/2011 7:06 PM, Jess Holle wrote:
> So form-based authentication is an obnoxious mutt -- but a mutt
> that everyone seems to have fallen in love with.
>
> This isn't Tomcat's fault, however, and Tomcat is doing the normal
> thing by return
That's the unfortunate way of form-based authentication. It's an
application convention rather than a protocol-level standard -- it's not
a standard but rather a loose convention and has to be handled by the
application code rather than seamlessly at the protocol handling level.
As such it's