The bugfix turned out to be a one-liner:
Index: SecurityConstraint.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/de
ploy/SecurityConstraint.java,v
retrieving revision 1.5
diff -u -r1.5 SecurityConstraint.java
--- SecurityConstraint.java 22 Jul 2001 20:25:10 -0000 1.5
+++ SecurityConstraint.java 4 Jul 2002 02:50:10 -0000
@@ -455,7 +455,7 @@
// Normalize the argument strings
if ((path == null) || (path.length() == 0))
- path = "/";
+ return(false);
if ((pattern == null) || (pattern.length() == 0))
pattern = "/";
I'll apply this fix if someone more versed in 4.x approves it.
Keith
| -----Original Message-----
| From: Keith Wannamaker [mailto:[EMAIL PROTECTED]]
| Sent: Wednesday, July 03, 2002 7:34 PM
| To: [EMAIL PROTECTED]
| Subject: Tomcat 4.x auth issue
|
|
| Tomcat 4.x has a problem -- it challenges for auth
| prior to any redirects. This is wrong because it causes
| most browsers to cache auth info for the entire domain
| when hitting top-level directories.
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
