I just noticed that if I set a 403 error status in a servlet, Tomcat
automatically adds the following HTML body with the error:
<h1>SSL required to access this page</H1>
Ugh.
I looked at the source code (3.2.2 of Tomcat) and notice that if
no 403 error-code handler is registered, it defaults to SSLRequiredHandler.
IMO, this is a bad default since SSL access is only one of many possible
reasons that access to a resource is forbidden.
To me, there should be no default, or if there is one, it should be a
canned response like "Access Forbidden".
So why was this done? A hack for SSL support? And when will it be changed.
--ewh
--
Earl W. Hood
Texas Instruments
[EMAIL PROTECTED]
972-917-1695
