How can the login page see parameters in the original request?
In my app, I make a request to https://localhost/mywebservice/action.do.
Because the user is not authenticated, Tomcat redirects them to the login page.
I want the login page to be able to see the parameters passed in the original
request. Only if certain secret fields and values are present, do I want to
generate the login page. Otherwise, I want to send the response code 404.
In FormAuthenticator.java, function saveRequest, they have
if ("POST".equalsIgnoreCase(request.getMethod())) {
ByteChunk body = new ByteChunk();
body.setLimit(request.getConnector().getMaxSavePostSize());
byte[] buffer = new byte[4096];
int bytesRead;
InputStream is = request.getInputStream();
while ( (bytesRead = is.read(buffer) ) >= 0) {
body.append(buffer, 0, bytesRead);
}
saved.setContentType(request.getContentType());
saved.setBody(body);
}
Maybe the act of reading the input stream through is.read uses it up, not sure.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
