-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nicholas,
On 10/6/2011 10:08 PM, Nicholas Sushkin wrote: > I now reconfigured DefaultServlet in conf/web.xml with > readonly=false. Now, an unauthenticated PUT (with or without a > body) returns 204 No Content instead of the login form. Seems like > a bug. Should I add this behavior to Bug #51940 or a new bug? I'll bet what is happening is that your PUT request is being forwarded without modification to the login page, and your login page is some static content. Is that right? If that's what's happening, the DefaultServlet is handling the request, seeing that it is a PUT, and then complaining that it's read-only. When you make the DefaultServlet read-write you tell the DefaultServlet to accept uploads, and you'll probably end up overwriting your login form with the request entity (oops). It looks like the authenticator code needs to transform the PUT request into a GET (or POST?) so that the DefaultServlet doesn't try to do an upload. I think you'd have similar problems if trying to use a JSP for your login-page, because JSPs can't accept PUT requests unless specifically configured to do so. Since you're just hacking, try setting the request method to "GET" when you detect a PUT request that requires authentication. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6PCOwACgkQ9CaO5/Lv0PB5lwCeNN0fxcnPVAZG7UaY6ywQsR/A xNQAn1TbTs0QqPT4FspU9yPFoNNL5PjO =mkME -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org