DO NOT REPLY [Bug 23970] - form-based authentication and SSL, general principles
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23970. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23970 form-based authentication and SSL, general principles --- Additional Comments From [EMAIL PROTECTED] 2003-10-25 16:25 --- All I want to do is encrypt a login form but not the pages the security-constraint protects. It's all well and good that the spec says such-and-such, but what you are ignoring is that fact that this change in TC5 is effectively taking away a large, significant piece functionality from a large, significant percentage of the people out there using TC. There are probably hundreds if not thousands of TC4 users out there doing what I want to do in TC5 but can't. It also implies that you (or rather the people who wrote the spec) expect that other application server providers, i.e. IBM and BEA etc, will be willing to do this to their users too, which is obviously a false assumption. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 23970] - form-based authentication and SSL, general principles
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23970. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23970 form-based authentication and SSL, general principles [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WONTFIX --- Additional Comments From [EMAIL PROTECTED] 2003-10-23 17:32 --- If you read the spec, you'll see the word forward being metioned in conjunction with the login page. Hence, it doesn't have to go through the constraints checks. This will not be implemented, as most people considered using a sendRedirect for FORM handling was evil. There are two areas which have different behavior in TC 5: - welcome files redirection - FORM redirection Since those are important changes, they weren't ported to Tomcat 4.1.x. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 23970] - form-based authentication and SSL, general principles
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23970. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23970 form-based authentication and SSL, general principles --- Additional Comments From [EMAIL PROTECTED] 2003-10-21 14:48 --- Another alternative solution would be to allow the form-based authentication login page to submit to https://mydomain:8443/mycontext/j_security_check - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]