On Fri, Feb 27, 2004 at 11:05:30AM +0100, Vincent Massol wrote: > > > Applied in CVS HEAD (I'm doing a nightly build now)! I've made some > > > minor changes but mostly cosmetic (I've made the new getters private > as > > > I couldn't see why they would be useful for users). > > > > No, they are useful ;) At least my servlet container (Resin 2.1.8) > > returns login page as 200 response. Moreover, I believe the spec > > requires to do exactly the same. So we need to be accurate here in > case > > the containers interpete the spec differently. > > I've *not* made the setters private, only the getters.
My bad. I've just mislooked that. But I'm also sceptic about the response code defaults. E.g. I wonder if there are containers that _redirect_ to the login page instead of return it in the 200 response. If there are none it's better to make pre-auth default to be HTTP_OK instead of HTTP_MOVED_TEMP so people are not required to explicitely set desired response code for every authenticator instance. -- Max --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
