On 10/11/2009 13:25, Robert Denison wrote:
Thanks peter,
Don't suppose anyone can point me to any documentation that talks about getting
caching working properly for tomcat and static content can they?
It's not so much a case of Tomcat, unfortunately your app is also
affected by browser type, config, version etc.
Tomcat should handle serving static resources perfectly well, but you
can augment it if needed by employing a Filter that adds headers for
matching files/requests.
Checking the HTTP Headers that are actually being sent & received by the
major browsers is an essential step in tuning your app. Your access log
will show if files are being returned with HTTP 304 status or not.
Firefox has LiveHTTPHeaders and Firebug, IE has a plugin tool too.
I thought of an alternative, you could only enforce container based
security on a specific path "/login/".
Your Filter could redirect all unauthenticated users to the login app,
the index page (after successful login) just redirects to the app homepage.
if (logged in) {
if (https) goto http
} else {
redirect to "/login" // tomcat takes care of the HTTPS upgrade
}
p
R.
On 10 Nov 2009, at 13:14, Peter Crowther wrote:
2009/11/10 Robert Denison<r...@blim.org>:
I assume that the standard way of dealing with static caching is to have e.g.
an images (css etc) directory and have that not secure?
No, as on most browsers that will pop up a dialog box with something
like "this page contains both secure and insecure items. Do you want
to display the insecure items?"
All content referenced from a secure page should be secure to prevent
this warning.
- Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
