DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9772>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9772 RequestDispatcher.forward(resource) does not perform necessary checks [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|DUPLICATE | ------- Additional Comments From [EMAIL PROTECTED] 2002-06-12 11:30 ------- >> Not checking security constraints on forwarded requests >> is part of the servlet spec. Where? Checked Servlet 2.2 and 2.3 spec and could not find such a documentation. Anyway: there is also NO spec which tells that a check must be performed, but security-constraints without checking do not make real sense. Also all other servlet-containers to perform a checking within their forward() method. If forward() does not need to perform security checks: how can I redirect the configured (form-based) login-page to the browser? -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
