I recognized a behaviour in Tomcat (version 4.1.29) and would like to no if
you
think this behaviour is a requirement to confirm to the servlet-spec-2.3.
The reason for this question is that our production environment uses
another
appserver than tomcat (sorry for that!) which does not behave as expected.
The
support is (of course) of the opinion they do confirm to the spec.
My question is about the following feature:
An application which uses container security with form-based login secures
a certain
url (in my case a struts action). If I send a request for this url using
HttpPost and the
user-session is not(!) already authenticated Tomcat preserves the request
parameters
of the recent request after successfull authentication.
This is not true for our production environment.
Reading the servlet-spec-2.3 I find the following:
###
J2EE.12.5.3.1 Login Form Notes
...
</form>
If the form based login is invoked because of an HTTP request, the original
request parameters must be preserved by the container for use if, on
successful
authentication, it redirects the call to the requested resource.
###
What do you think?
Regards,
A. Grimm
---------------------------------------------------------------
Anton Grimm
MAN Nutzfahrzeuge AG
IDP - Software Produktionsumgebungen
Dachauerstr.667
D - 80995 München
Fon: +49-89-1580-1054
Fax: +49-89-1580-4550
mailto: [EMAIL PROTECTED]
Internet: http://www.man-trucks.com
---------------------------------------------------------------
This message and any attachments are confidential and may be privileged or otherwise
protected from disclosure.
If you are not the intended recipient, please telephone or email the sender and delete
this message and any attachment
from your system. If you are not the intended recipient, you must not copy this
message or attachment or disclose the
contents to any other person.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
