https://bz.apache.org/bugzilla/show_bug.cgi?id=64712
--- Comment #2 from Christopher Schultz <[email protected]> --- (In reply to Robert Rodewald from comment #0) > In my opinion the hard-coded authType "JASPIC" should be replaced by: > map.getOrDefault("javax.servlet.http.authType", "JASPIC") It's tough to tell what Tomcat expects to do with that value (currently "JASPIC"). It's used internally as the request-auth-type and session-auth-type but I don't see any published list of allowed values, there. What would happen if the JASPIC provider returned "SSL" as the auth-type. Is that legal and/or expected? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
