I'm hardly a 4.x expert, but this looks like it will solve the major problem.
This fix will still send an Auth to /myapp if you first request /myapp/protected, but that shouldn't be too much of a problem. In 5.0, I think that the spec is going to eventually require that we move the logic to the Mapper however.

----- Original Message -----
From: "Keith Wannamaker" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Wednesday, July 03, 2002 8:55 PM
Subject: RE: Tomcat 4.x auth issue

> The bugfix turned out to be a one-liner:
>
> Index: SecurityConstraint.java > =================================================================== > RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/de > ploy/SecurityConstraint.java,v > retrieving revision 1.5 > diff -u -r1.5 SecurityConstraint.java > --- SecurityConstraint.java 22 Jul 2001 20:25:10 -0000 1.5 > +++ SecurityConstraint.java 4 Jul 2002 02:50:10 -0000 > @@ -455,7 +455,7 @@ > > // Normalize the argument strings > if ((path == null) || (path.length() == 0)) > - path = "/"; > + return(false); > if ((pattern == null) || (pattern.length() == 0)) > pattern = "/";
>
> I'll apply this fix if someone more versed in 4.x approves it.
>
> Keith
>
> | -----Original Message-----
> | From: Keith Wannamaker [mailto:[EMAIL PROTECTED]]
> | Sent: Wednesday, July 03, 2002 7:34 PM
> | To: [EMAIL PROTECTED]
> | Subject: Tomcat 4.x auth issue
> |
> | Tomcat 4.x has a problem -- it challenges for auth
> | prior to any redirects. This is wrong because it causes
> | most browsers to cache auth info for the entire domain
> | when hitting top-level directories.
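Review bot: In the `path` check at the top of the hunk, `return(false);` makes a null or empty path match no security constraint at all, while the `pattern` check directly below still normalizes an empty pattern to "/". That is safe only if a request with an empty path can never be served content and always ends in the redirect the thread describes, so please confirm that holds for every caller of this method and say so in a comment next to the early return. The existing "// Normalize the argument strings" comment no longer describes what happens to `path` and should be updated, and it is worth deciding whether null and the empty string really deserve the same treatment here, since the patch folds both into the same silent no-match.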