Hi there,
I've got some API that I've exposed via GET that I have secured (web.xml,
@RolesAllowed, etc.). The security works fine, but also want the response
to be cacheable, so I've annotated using @Cache(mustRevalidate = true). The
annotation works fine for me when there isn't any authentication involved,
but when I add the auth, I noticed that I get and extra set of
cache-control headers.

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet/3.0; JBossAS-6
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 16:00:00 PST
Cache-Control: public, must-revalidate
ETag: 817C3E16AABFCE053B16E317F037EEDC
Content-Type: application/json
Content-Length: 211
Date: Thu, 24 Nov 2011 20:06:14 GMT

 Any idea why I'm getting *both* Cache-Control: no-cache and
Cache-Control:public..(and does that even make any sense)? I'm using JBoss

By contrast, without authentication, I get headers that look more like this:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet/3.0; JBossAS-6
Cache-Control: public, must-revalidate
Content-Type: application/json
Content-Length: 5816
Date: Thu, 24 Nov 2011 19:50:51 GMT

All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
Resteasy-users mailing list

Reply via email to