Hi there,
I've got some API that I've exposed via GET that I have secured (web.xml,
@RolesAllowed, etc.). The security works fine, but also want the response
to be cacheable, so I've annotated using @Cache(mustRevalidate = true). The
annotation works fine for me when there isn't any authentication involved,
but when I add the auth, I noticed that I get and extra set of
cache-control headers.
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet/3.0; JBossAS-6
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 16:00:00 PST
Cache-Control: public, must-revalidate
ETag: 817C3E16AABFCE053B16E317F037EEDC
Content-Type: application/json
Content-Length: 211
Date: Thu, 24 Nov 2011 20:06:14 GMT
Any idea why I'm getting *both* Cache-Control: no-cache and
Cache-Control:public..(and does that even make any sense)? I'm using JBoss
6.1.0.
By contrast, without authentication, I get headers that look more like this:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet/3.0; JBossAS-6
Cache-Control: public, must-revalidate
ETag: DA39EEEB1BBEDEC0A8C1D17E626DD64C
Content-Type: application/json
Content-Length: 5816
Date: Thu, 24 Nov 2011 19:50:51 GMT
Thanks,
H.Y.
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Resteasy-users mailing list
Resteasy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/resteasy-users
