-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 André,
On 12/9/2010 1:50 PM, André Warnier wrote: > Assume that the upload URL in question is handled by an application > requiring HTTPS. > And assume that the web application requires some form of user > authentication. Ok. > Are you telling me that if a user connects for the first time to the > site using this "upload URL", Tomcat is going to read the entire POST > request prior to checking if this user is authenticated ? It might not even need to be an upload URL. If the authenticator rejects the request, or even if the application rejects the request for some reason, I believe there's a loop in the Tomcat code before shutting everything down that looks something like this: while(in.read()) ; That means that you can hold-up a thread as long as you can keep sending data. I'm not sure what happens if the servlet explicitly closes the input stream... clearly Tomcat can't drain it once it's closed. I may be wrong -- this used to be the behavior; it may have changed since then. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0BNvEACgkQ9CaO5/Lv0PC5YwCeIzI4s/DEqStd1oftm/AZ/GY3 +RQAmwb5Jq6ZvCH4855VSlez/fxzqvCM =sjH1 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
