On 30 Sep 2008 at 18:27, Caldarale, Charles R wrote: > > From: Maurizio Lotauro > > [mailto:[EMAIL PROTECTED] > > Subject: Authentication behaviour > > > > The server answers with 401 before it has received the > > whole content send from client. In fact it seems that > > the answer become right after the server has received > > the http header. > > Looks proper to me for basic authentication. As soon as the reference > to the protected resource is recognized, the 401 is sent; it's up to > the client to resend all the input with the user credentials on the > next request. > > Read the HTTP Authentication RFC: > http://tools.ietf.org/html/rfc2617
I already readed this rfc and now I have read it again, but I'm unable to found where it describe that the server can answer with 401 before the client has finished to send all data. In that case the client must anyway send the rest of data before making a new request (or close the connection). I don't see any advantage to "early" send the 401 (that was what caused the problem to my client). The rfc 2616, section 6, write: "After receiving and interpreting a request message, a server responds with an HTTP response message.". The request message include the message body (see section 5). It seem's to me that send the response before receive the whole request doesn't follow the rfc. What do you think? [...] > If you're using form-based authentication, then the server captures > any POST data submitted with the request, and uses that following > successful authentication. No, my is a generic http client and use only the standard http authentication (actually it supports only basic and ntlm). Bye, Maurizio. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
