-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jan,
On 7/16/13 3:55 AM, Jan Vávra wrote: > I've solved my problem. The correct attitude is to have all > contexts unauthenticated and only few restrict. In my case > restricted urls are /index.jsp, /admin/*, /user/* > > In the original web.xml I had all contexts restricted and static > context /common/* was masked out. Although the /common/* was not > under authetication, Tomcat was adding the Cache-Control: private, > Expires: 1.1.1970 headers. So I personally think this is a bug. No, you told Tomcat that the entire site was under a security constraint. The fact that you didn't have any required roles was irrelevant. The cache-control headers are added for security-constrained resources. Tomcat is behaving properly. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJR5XjZAAoJEBzwKT+lPKRYGt4QALeNapyXezWDsn0jEl7Oyd1S a9mA89Ovc13nQiZF/ys/dmX4U9MsbzbBBArPmQaWzbdqZjcp2WlhUVgCmfA7mD33 8wAgE5M56R8uXm7NA2tDdrLX3jAYHrbG2TRO0x7rQZQIkNC9tEiAl1xCyDdiYehm i3X3oH9ujluf7f/ducgTkr0NpYBL0SNjoi5DmBVws7ke5tbkLrY+zvPfwd/h9q5J WenOI1MKJh7OHw6MVToe346f6ERdT85fc4UG4kaKEwq0cwak4JXyLr+PG9dsoMUQ SoWS05adtYNZHRCfSTDdrmuv5CPch5/oP6AEQI3Y338+zsDo13aS/N2FRwFNygUB kwzvP7HIEetT4VjpHSg21X9x0c6lqHlpHkQQjj9ZW6FY+af4Io/J0joihVMWTpfe 2zYpu5ZCRxPPd0j39YS2vc+9aV7eRmxEjpSIGbJbKqEQolTk3fN8Wqcug3pcKkNL rcXx2d0c28obqIY5SkiLn676NAzXXTa5g5zXVt/08tBcouLv/dXfILwKe7Gg9cWn jGe46l4XrGzvXugNemLv6eBKDZ5HGIfCeHzmO47E2X2UOY/+xUVqAh7npMcMWrUg inZcOmtqKcALJcLI276R0d2z2qJnE4Wv//NlfdZBLVZZWhV8GDCQ0nKLaSF6FSET QwDfaEHUXJKIa1onK7Yy =OXjQ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org