https://issues.apache.org/bugzilla/show_bug.cgi?id=12428
--- Comment #30 from Christopher Schultz <ch...@christopherschultz.net> 2011-04-01 17:07:10 EDT --- Fascinating reading. My question would be: why does anyone want to have a resource that doesn't need authentication (no security-constraint) but then checks the authentication status, anyway (calls getPrincipal, isUserInRole, etc.)? If this "bug" was really ruining anyone's day, isn't it a simple matter of providing an aliased URL to the same resource that /is/ protected by a security-constrains and always sending authenticated users to /that/ URL instead? Glad the 9-year saga is over... -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org