> From: J. Zach [mailto:[EMAIL PROTECTED] > I have an jsp page page1.jsp with a form > > <form action="page2.jsp" method="post">...</form> > > When page2.jsp is secured in web.xml via security-constraint > - transport > confidential, the posted data from page1.jsp is lost on > submit (it's simply missing missing in the request).
That's expected: - The page submits to http://server:port/page2.jsp - The server issues a 302 redirect to https://server:port/page2.jsp - before examining any page content to find out there's a POST. As your requirement is for confidentiality, this is correct - the server *must not* require any of the content to be sent before making the decision to redirect, or confidentiality could be broken. - The browser acts on the redirect and issues a GET for the redirected page, hence without the POST data. > Without the constraint everything works, > when changing action to https://server:port/page2.jsp it works too. Yes, as the intermediate redirect will be missing. > I'm wondering whether this could be a tomcat bug? No, it's a feature of HTTP. Change your form action (or set the entire site to be SSL). - Peter --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
