Hello,
If I use auth-method FORM, all requests return with headers denying
caching on the browser side although I have excluded some part of my app
from authentication.
The headers for a png image are:
HTTP/1.1 304 Not Modified
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 UTC
ETag: W/"3907-1372233712661"
Date: Wed, 26 Jun 2013 11:06:17 GMT
If I add disableProxyCaching="false" to <Valve
className="org.apache.catalina.authenticator.FormAuthenticator"
characterEncoding="utf-8"/> at my context.xml the response headers
change to:
HTTP/1.1 304 Not Modified
Server: Apache-Coyote/1.1
ETag: W/"3907-1372233712661"
Date: Wed, 26 Jun 2013 11:25:23 GMT
and browser in the next request doesn't asks for this image.
Is it safe to override default bahaviour via disableProxyCaching?
Or I am something missing?
Or there is a best practice to place images, css styles into another
application?
===========
My aps has these part
/* - common authenticated content
/user/* - content for user
/admin/* - content for admin
/common/* - common unauthenticated static content like images, css, etc
My web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>MyApp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>myapp-admin-role</role-name>
<role-name>myapp-user-role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>MyApp</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>myapp-admin-role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>MyApp</web-resource-name>
<url-pattern>/user/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>myapp-user-role</role-name>
</auth-constraint>
</security-constraint>
<!-- do not authenticate common -->
<security-constraint>
<web-resource-collection>
<web-resource-name>MyApp</web-resource-name>
<url-pattern>/common/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login_failed.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>myapp-admin-role</role-name>
</security-role>
<security-role>
<role-name>myapp-user-role</role-name>
</security-role>
Jan.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org