Terry, does your login page reference the same script URL as the secured
pages, by any chance?


p

On 9 April 2010 17:39, Christopher Schultz <ch...@christopherschultz.net> wrote:

> Terry,
>
> On 4/9/2010 12:14 PM, Terry Horner wrote:
> > The problem seems to occur if there are any restricted resources
> > within a page - it doesn't seem too outlandish for someone to
> > restrict access to their images folder (say, it has client logos in
> > it and they are required to be a bit paranoid about their client
> > list).
>
> If you have a restricted images folder, why are you trying to serve
> images out of it onto a non-restricted page?
>
> > I have a workaround that will work for some people in this situation
> > - require all logons to go through index.jsp (or whatever) and have
> > this be a page that just shows a 'loading...' animated image (or
> > whatever) - but this doesn't work if you want to be able to bookmark
> > pages within your site.
>
> If you bookmark a restricted page, you don't even see it until after
> successful authentication, so there's no problem there.
>
> The problem is with including restricted content in an unrestricted
> page. I agree that your webapp shouldn't be suffering the kind of fate
> it currently is, but you'd save yourself a lot of trouble by not
> doing something which seems so illogical.
>
> -chris


-- 

--
pidster.com