Re: not able to access URL in 2nd app in 7.0.23
On 26/01/2012 03:59, removeps-c...@yahoo.com wrote: When Tomcat receives an unauthenticated request for a protected resource it intercepts and saves that request, then forwards to the resource defined in the login config. True. Also, I'm not making the request through Firefox. I did that below as part of my debugging only. I have a Java application. It calls HttpsURLConnection.setFollowRedirects(false); At some point it calls HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); where url is https://localhost:6143/myapp/folder/action.do;. Then there is a call to connection.setRequestMethod(POST); along with the other usual methods for a post request. T server intercepts this message and internally directs to /login.html. Either a servlet should build this page or it should exist. However, in 7.0.22 a POST request is made to this page, whereas in 7.0.23 a GET request is made. Is this a bug in tomcat, a feature in tomcat, or required by the spec? This is a design decision. The method used to request the login page should always be GET regardless of what method was used to access the protected page. This wasn't always the case and was corrected as part of the fix for [1] in [2]. Then the login.html page is generated and sent back to the client. The client will then read this message and verify it is the expected login page. The client will then send a post request to https://localhost:6143/myapp/j_security_check providing the username and password. Whether POST or GET is used here will depend on the login page since it is defined by the method attribute of the form element. At this point the server will authenticate, and if valid, will send 302 (redirect) with the URL as the page that was originally requested. The Java client should now repeat the original post request. The method to be used at this point is unclear to say the least. See RFC2616 and the discussion on the handling of 302 redirects. Ideally, this should be treated as a 303 redirect and a GET request issued. Repeating the POST needlessly sends the request body again which Tomcat will just silently swallow as it will restore the request body from the original request. Using a 303 in this case is under consideration for the next version of the servlet spec. Mark [1] https://issues.apache.org/bugzilla/show_bug.cgi?id=51940 [2] http://svn.apache.org/viewvc?view=revisionamp;revision=1181030 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: not able to access URL in 2nd app in 7.0.23
On 25/01/2012 02:49, removeps-c...@yahoo.com wrote: In my webapps folder there are two folders: ROOT, myapp. ROOT is the default app. In myapp/WEB-INF/web.xml there is servlet servlet-nameMyServlet/servlet-name servlet-classpackage.MyServlet/servlet-class load-on-startup1/load-on-startup /servlet servlet-mapping servlet-nameMyServlet/servlet-name url-pattern/folder/action.do/url-pattern /servlet-mapping When I go to http://host/myapp/folder/action.do in Tomcat 7.0.22 it invokes myapp, MyServlet. Even some versions of Tomcat 6.x did this. But in Tomcat 7.0.23 it generates 404 page not found. Any idea what I can do? What do the log files report, during application startup and when you try to access the page? p I'm gonna check if it works in 7.0.25. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: not able to access URL in 2nd app in 7.0.23
Replies in place --- On Wed, 1/25/12, Pid p...@pidster.com wrote: From: Pid p...@pidster.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 12:55 AM On 25/01/2012 02:49, removeps-c...@yahoo.com wrote: In my webapps folder there are two folders: ROOT, myapp. ROOT is the default app. In myapp/WEB-INF/web.xml there is servlet servlet-nameMyServlet/servlet-name servlet-classpackage.MyServlet/servlet-class load-on-startup1/load-on-startup /servlet servlet-mapping servlet-nameMyServlet/servlet-name url-pattern/folder/action.do/url-pattern /servlet-mapping When I go to http://host/myapp/folder/action.do in Tomcat 7.0.22 it invokes myapp, MyServlet. Even some versions of Tomcat 6.x did this. But in Tomcat 7.0.23 it generates 404 page not found. Any idea what I can do? What do the log files report, during application startup and when you try to access the page? During startup I see INFO: Deploying web application directory /home/myusername/jvm/apache-tomcat-7.0.23/domains/mydomain/myapp When going to the page, no logs are generated. However I put a System.out.println statement in the default servlet of myapp to print the getRequestURI() and find that the following URI is hit /myapp/404.html. The myapp/WEB-INF/web.xml has error-page error-code404/error-code location/404.html/location /error-page So this means that the myapp servlet is invoked, which is a good thing. But the URL I went to is https://mydomain/myapp/folder/action.do. The servlet that is supposed to handle /folder/action.do is not invoked. Nor should it be invoked. There is an https security constraint in myapp/WEB-INF/web.xml to direct the user to myapp/login.html. This page is generated by the default servlet as well. So I will try two things. First, remove the https to see if it works. Second, change the url-mapping from an exact match like /myapps/folder/action.do to *.action.do p I'm gonna check if it works in 7.0.25. FYI, it does not work in 7.0.25 either. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: not able to access URL in 2nd app in 7.0.23
removeps-c...@yahoo.com wrote: ... url-pattern/folder/action.do/url-pattern /servlet-mapping ... So I will try two things. First, remove the https to see if it works. Second, change the url-mapping from an exact match like /myapps/folder/action.do to *.action.do In any case, the URL against which you match should never include the webapp name (or context name). It is correct in the url-pattern above, but not in your last remark. Other than that, could it be that the login page to which you re-direct is not being found, and that this is causing the 404 ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: not able to access URL in 2nd app in 7.0.23
OK here's what I tried: I removed https. A request through Firefox to http://localhost:6144/myapp/folder/action.do still gives 404. I overrode doGet of the servlet class to print whether get/post and the request.getRequestURI and it is get /myapp/folder/action.do This is the same as before. My servlet has code like this if (uri.equals(/myapp/folder/action.do)) in the doPost method so it would process this action. So the problem has to do with https. I put the security-constraint stuff back in but removed the auth-constraint, so everything is https but requires no authentication. What gets printed when you go to https://localhost:6143/myapp/folder/action.do is still get /myapp/folder/action.do So the issue is with the auth-constraint. In my real code, my code makes a POST request to the given URL. I re-ran this test: So now it looks like the issue is this: (a) In 7.0.22 and earlier versions my code made a POST request to https://localhost:6143/myapp/folder/action.do. (b) Tomcat made a POST request to the login page https://localhost:6143/myapp/login.html (c) My servlet got called, and the doPost method of the servlet got called. But in 7.0.23 (b) Tomcat is making a GET request to https://localhost:6143/myapp/login.html Thus I must move/copy my code in doPost to build login.html into doGet. This did work. --- On Wed, 1/25/12, removeps-c...@yahoo.com removeps-c...@yahoo.com wrote: From: removeps-c...@yahoo.com removeps-c...@yahoo.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 9:10 AM Replies in place --- On Wed, 1/25/12, Pid p...@pidster.com wrote: From: Pid p...@pidster.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 12:55 AM On 25/01/2012 02:49, removeps-c...@yahoo.com wrote: In my webapps folder there are two folders: ROOT, myapp. ROOT is the default app. In myapp/WEB-INF/web.xml there is servlet servlet-nameMyServlet/servlet-name servlet-classpackage.MyServlet/servlet-class load-on-startup1/load-on-startup /servlet servlet-mapping servlet-nameMyServlet/servlet-name url-pattern/folder/action.do/url-pattern /servlet-mapping When I go to http://host/myapp/folder/action.do in Tomcat 7.0.22 it invokes myapp, MyServlet. Even some versions of Tomcat 6.x did this. But in Tomcat 7.0.23 it generates 404 page not found. Any idea what I can do? What do the log files report, during application startup and when you try to access the page? During startup I see INFO: Deploying web application directory /home/myusername/jvm/apache-tomcat-7.0.23/domains/mydomain/myapp When going to the page, no logs are generated. However I put a System.out.println statement in the default servlet of myapp to print the getRequestURI() and find that the following URI is hit /myapp/404.html. The myapp/WEB-INF/web.xml has error-page error-code404/error-code location/404.html/location /error-page So this means that the myapp servlet is invoked, which is a good thing. But the URL I went to is https://mydomain/myapp/folder/action.do. The servlet that is supposed to handle /folder/action.do is not invoked. Nor should it be invoked. There is an https security constraint in myapp/WEB-INF/web.xml to direct the user to myapp/login.html. This page is generated by the default servlet as well. So I will try two things. First, remove the https to see if it works. Second, change the url-mapping from an exact match like /myapps/folder/action.do to *.action.do p I'm gonna check if it works in 7.0.25. FYI, it does not work in 7.0.25 either. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: not able to access URL in 2nd app in 7.0.23
Yep that was the reason, as I wrote in another email sent just now before I saw this. The reason is that in 7.0.22 Tomcat made a POST request to the login page and my doPost method handled it, but in 7.0.23 it makes a GET request. --- On Wed, 1/25/12, André Warnier a...@ice-sa.com wrote: From: André Warnier a...@ice-sa.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 9:18 AM removeps-c...@yahoo.com wrote: ... url-pattern/folder/action.do/url-pattern /servlet-mapping ... So I will try two things. First, remove the https to see if it works. Second, change the url-mapping from an exact match like /myapps/folder/action.do to *.action.do In any case, the URL against which you match should never include the webapp name (or context name). It is correct in the url-pattern above, but not in your last remark. Other than that, could it be that the login page to which you re-direct is not being found, and that this is causing the 404 ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: not able to access URL in 2nd app in 7.0.23
On 25/01/2012 18:35, removeps-c...@yahoo.com wrote: OK here's what I tried: I removed https. A request through Firefox to http://localhost:6144/myapp/folder/action.do still gives 404. I overrode doGet of the servlet class to print whether get/post and the request.getRequestURI and it is get /myapp/folder/action.do This is the same as before. My servlet has code like this if (uri.equals(/myapp/folder/action.do)) in the doPost method so it would process this action. So the problem has to do with https. I put the security-constraint stuff back in but removed the auth-constraint, so everything is https but requires no authentication. What gets printed when you go to https://localhost:6143/myapp/folder/action.do is still get /myapp/folder/action.do So the issue is with the auth-constraint. In my real code, my code makes a POST request to the given URL. I re-ran this test: So now it looks like the issue is this: (a) In 7.0.22 and earlier versions my code made a POST request to https://localhost:6143/myapp/folder/action.do. (b) Tomcat made a POST request to the login page https://localhost:6143/myapp/login.html (c) My servlet got called, and the doPost method of the servlet got called. But in 7.0.23 (b) Tomcat is making a GET request to https://localhost:6143/myapp/login.html Thus I must move/copy my code in doPost to build login.html into doGet. This did work. So, you're saying that the method value 'POST' is not preserved after successful authentication and appears to be converted to a 'GET'? p --- On Wed, 1/25/12, removeps-c...@yahoo.com removeps-c...@yahoo.com wrote: From: removeps-c...@yahoo.com removeps-c...@yahoo.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 9:10 AM Replies in place --- On Wed, 1/25/12, Pid p...@pidster.com wrote: From: Pid p...@pidster.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 12:55 AM On 25/01/2012 02:49, removeps-c...@yahoo.com wrote: In my webapps folder there are two folders: ROOT, myapp. ROOT is the default app. In myapp/WEB-INF/web.xml there is servlet servlet-nameMyServlet/servlet-name servlet-classpackage.MyServlet/servlet-class load-on-startup1/load-on-startup /servlet servlet-mapping servlet-nameMyServlet/servlet-name url-pattern/folder/action.do/url-pattern /servlet-mapping When I go to http://host/myapp/folder/action.do in Tomcat 7.0.22 it invokes myapp, MyServlet. Even some versions of Tomcat 6.x did this. But in Tomcat 7.0.23 it generates 404 page not found. Any idea what I can do? What do the log files report, during application startup and when you try to access the page? During startup I see INFO: Deploying web application directory /home/myusername/jvm/apache-tomcat-7.0.23/domains/mydomain/myapp When going to the page, no logs are generated. However I put a System.out.println statement in the default servlet of myapp to print the getRequestURI() and find that the following URI is hit /myapp/404.html. The myapp/WEB-INF/web.xml has error-page error-code404/error-code location/404.html/location /error-page So this means that the myapp servlet is invoked, which is a good thing. But the URL I went to is https://mydomain/myapp/folder/action.do. The servlet that is supposed to handle /folder/action.do is not invoked. Nor should it be invoked. There is an https security constraint in myapp/WEB-INF/web.xml to direct the user to myapp/login.html. This page is generated by the default servlet as well. So I will try two things. First, remove the https to see if it works. Second, change the url-mapping from an exact match like /myapps/folder/action.do to *.action.do p I'm gonna check if it works in 7.0.25. FYI, it does not work in 7.0.25 either. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: not able to access URL in 2nd app in 7.0.23
So, you're saying that the method value 'POST' is not preserved after successful authentication and appears to be converted to a 'GET'? No, what I said is the my original request to https://mydomain/myapp/action.do is a POST request, and the web.xml says to send me the the login-config page and this request used to be POST in 7.0.22 and is GET in 7.0.23. After successful authentication the user must resubmit the original POST request because this does not happen automatically. --- On Wed, 1/25/12, Pid p...@pidster.com wrote: From: Pid p...@pidster.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 1:24 PM On 25/01/2012 18:35, removeps-c...@yahoo.com wrote: OK here's what I tried: I removed https. A request through Firefox to http://localhost:6144/myapp/folder/action.do still gives 404. I overrode doGet of the servlet class to print whether get/post and the request.getRequestURI and it is get /myapp/folder/action.do This is the same as before. My servlet has code like this if (uri.equals(/myapp/folder/action.do)) in the doPost method so it would process this action. So the problem has to do with https. I put the security-constraint stuff back in but removed the auth-constraint, so everything is https but requires no authentication. What gets printed when you go to https://localhost:6143/myapp/folder/action.do is still get /myapp/folder/action.do So the issue is with the auth-constraint. In my real code, my code makes a POST request to the given URL. I re-ran this test: So now it looks like the issue is this: (a) In 7.0.22 and earlier versions my code made a POST request to https://localhost:6143/myapp/folder/action.do. (b) Tomcat made a POST request to the login page https://localhost:6143/myapp/login.html (c) My servlet got called, and the doPost method of the servlet got called. But in 7.0.23 (b) Tomcat is making a GET request to https://localhost:6143/myapp/login.html Thus I must move/copy my code in doPost to build login.html into doGet. This did work. So, you're saying that the method value 'POST' is not preserved after successful authentication and appears to be converted to a 'GET'? p --- On Wed, 1/25/12, removeps-c...@yahoo.com removeps-c...@yahoo.com wrote: From: removeps-c...@yahoo.com removeps-c...@yahoo.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 9:10 AM Replies in place --- On Wed, 1/25/12, Pid p...@pidster.com wrote: From: Pid p...@pidster.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 12:55 AM On 25/01/2012 02:49, removeps-c...@yahoo.com wrote: In my webapps folder there are two folders: ROOT, myapp. ROOT is the default app. In myapp/WEB-INF/web.xml there is servlet servlet-nameMyServlet/servlet-name servlet-classpackage.MyServlet/servlet-class load-on-startup1/load-on-startup /servlet servlet-mapping servlet-nameMyServlet/servlet-name url-pattern/folder/action.do/url-pattern /servlet-mapping When I go to http://host/myapp/folder/action.do in Tomcat 7.0.22 it invokes myapp, MyServlet. Even some versions of Tomcat 6.x did this. But in Tomcat 7.0.23 it generates 404 page not found. Any idea what I can do? What do the log files report, during application startup and when you try to access the page? During startup I see INFO: Deploying web application directory /home/myusername/jvm/apache-tomcat-7.0.23/domains/mydomain/myapp When going to the page, no logs are generated. However I put a System.out.println statement in the default servlet of myapp to print the getRequestURI() and find that the following URI is hit /myapp/404.html. The myapp/WEB-INF/web.xml has error-page error-code404/error-code location/404.html/location /error-page So this means that the myapp servlet is invoked, which is a good thing. But the URL I went to is https://mydomain/myapp/folder/action.do. The servlet that is supposed to handle /folder/action.do is not invoked. Nor should it be invoked. There is an https security constraint in myapp/WEB-INF/web.xml to direct the user to myapp/login.html. This page is generated by the default servlet as well. So I will try two things. First, remove the https to see if it works. Second, change the url-mapping from an exact match like /myapps/folder/action.do to *.action.do p I'm gonna check if it works in 7.0.25. FYI, it does not work in 7.0.25 either.
Re: not able to access URL in 2nd app in 7.0.23
On 25/01/2012 22:03, removeps-c...@yahoo.com wrote: So, you're saying that the method value 'POST' is not preserved after successful authentication and appears to be converted to a 'GET'? No, what I said is the my original request to https://mydomain/myapp/action.do is a POST request, and the web.xml says to send me the the login-config page and this request used to be POST in 7.0.22 and is GET in 7.0.23. After successful authentication the user must resubmit the original POST request because this does not happen automatically. I don't understand, what does and this request used to be POST mean then? The login form defines the method used to send the request, the browser sends it, not Tomcat. When Tomcat receives an unauthenticated request for a protected resource it intercepts and saves that request, then forwards to the resource defined in the login config. If the login form action is successful, the previous request is restored and executed. So I asked if the request is not being restored properly... So either you're telling us that there's a bug in Tomcat, or you're telling us something else and I don't know what that is. Can you reproduce the error using a clean simple application config? p --- On Wed, 1/25/12, Pid p...@pidster.com wrote: From: Pid p...@pidster.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 1:24 PM On 25/01/2012 18:35, removeps-c...@yahoo.com wrote: OK here's what I tried: I removed https. A request through Firefox to http://localhost:6144/myapp/folder/action.do still gives 404. I overrode doGet of the servlet class to print whether get/post and the request.getRequestURI and it is get /myapp/folder/action.do This is the same as before. My servlet has code like this if (uri.equals(/myapp/folder/action.do)) in the doPost method so it would process this action. So the problem has to do with https. I put the security-constraint stuff back in but removed the auth-constraint, so everything is https but requires no authentication. What gets printed when you go to https://localhost:6143/myapp/folder/action.do is still get /myapp/folder/action.do So the issue is with the auth-constraint. In my real code, my code makes a POST request to the given URL. I re-ran this test: So now it looks like the issue is this: (a) In 7.0.22 and earlier versions my code made a POST request to https://localhost:6143/myapp/folder/action.do. (b) Tomcat made a POST request to the login page https://localhost:6143/myapp/login.html (c) My servlet got called, and the doPost method of the servlet got called. But in 7.0.23 (b) Tomcat is making a GET request to https://localhost:6143/myapp/login.html Thus I must move/copy my code in doPost to build login.html into doGet. This did work. So, you're saying that the method value 'POST' is not preserved after successful authentication and appears to be converted to a 'GET'? p --- On Wed, 1/25/12, removeps-c...@yahoo.com removeps-c...@yahoo.com wrote: From: removeps-c...@yahoo.com removeps-c...@yahoo.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 9:10 AM Replies in place --- On Wed, 1/25/12, Pid p...@pidster.com wrote: From: Pid p...@pidster.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 12:55 AM On 25/01/2012 02:49, removeps-c...@yahoo.com wrote: In my webapps folder there are two folders: ROOT, myapp. ROOT is the default app. In myapp/WEB-INF/web.xml there is servlet servlet-nameMyServlet/servlet-name servlet-classpackage.MyServlet/servlet-class load-on-startup1/load-on-startup /servlet servlet-mapping servlet-nameMyServlet/servlet-name url-pattern/folder/action.do/url-pattern /servlet-mapping When I go to http://host/myapp/folder/action.do in Tomcat 7.0.22 it invokes myapp, MyServlet. Even some versions of Tomcat 6.x did this. But in Tomcat 7.0.23 it generates 404 page not found. Any idea what I can do? What do the log files report, during application startup and when you try to access the page? During startup I see INFO: Deploying web application directory /home/myusername/jvm/apache-tomcat-7.0.23/domains/mydomain/myapp When going to the page, no logs are generated. However I put a System.out.println statement in the default servlet of myapp to print the getRequestURI() and find that the following URI is hit /myapp/404.html. The myapp/WEB-INF/web.xml has error-page error-code404/error-code location/404.html/location /error-page So this means that the myapp servlet is invoked, which is a good thing. But the URL I went to
Re: not able to access URL in 2nd app in 7.0.23
When Tomcat receives an unauthenticated request for a protected resource it intercepts and saves that request, then forwards to the resource defined in the login config. True. Also, I'm not making the request through Firefox. I did that below as part of my debugging only. I have a Java application. It calls HttpsURLConnection.setFollowRedirects(false); At some point it calls HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); where url is https://localhost:6143/myapp/folder/action.do;. Then there is a call to connection.setRequestMethod(POST); along with the other usual methods for a post request. T server intercepts this message and internally directs to /login.html. Either a servlet should build this page or it should exist. However, in 7.0.22 a POST request is made to this page, whereas in 7.0.23 a GET request is made. Is this a bug in tomcat, a feature in tomcat, or required by the spec? Then the login.html page is generated and sent back to the client. The client will then read this message and verify it is the expected login page. The client will then send a post request to https://localhost:6143/myapp/j_security_check providing the username and password. At this point the server will authenticate, and if valid, will send 302 (redirect) with the URL as the page that was originally requested. The Java client should now repeat the original post request. Hope this is clear. --- On Wed, 1/25/12, Pid p...@pidster.com wrote: From: Pid p...@pidster.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 2:59 PM On 25/01/2012 22:03, removeps-c...@yahoo.com wrote: So, you're saying that the method value 'POST' is not preserved after successful authentication and appears to be converted to a 'GET'? No, what I said is the my original request to https://mydomain/myapp/action.do is a POST request, and the web.xml says to send me the the login-config page and this request used to be POST in 7.0.22 and is GET in 7.0.23. After successful authentication the user must resubmit the original POST request because this does not happen automatically. I don't understand, what does and this request used to be POST mean then? The login form defines the method used to send the request, the browser sends it, not Tomcat. When Tomcat receives an unauthenticated request for a protected resource it intercepts and saves that request, then forwards to the resource defined in the login config. If the login form action is successful, the previous request is restored and executed. So I asked if the request is not being restored properly... So either you're telling us that there's a bug in Tomcat, or you're telling us something else and I don't know what that is. Can you reproduce the error using a clean simple application config? p --- On Wed, 1/25/12, Pid p...@pidster.com wrote: From: Pid p...@pidster.com Subject: Re: not able to access URL in 2nd app in 7.0.23 To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, January 25, 2012, 1:24 PM On 25/01/2012 18:35, removeps-c...@yahoo.com wrote: OK here's what I tried: I removed https. A request through Firefox to http://localhost:6144/myapp/folder/action.do still gives 404. I overrode doGet of the servlet class to print whether get/post and the request.getRequestURI and it is get /myapp/folder/action.do This is the same as before. My servlet has code like this if (uri.equals(/myapp/folder/action.do)) in the doPost method so it would process this action. So the problem has to do with https. I put the security-constraint stuff back in but removed the auth-constraint, so everything is https but requires no authentication. What gets printed when you go to https://localhost:6143/myapp/folder/action.do is still get /myapp/folder/action.do So the issue is with the auth-constraint. In my real code, my code makes a POST request to the given URL. I re-ran this test: So now it looks like the issue is this: (a) In 7.0.22 and earlier versions my code made a POST request to https://localhost:6143/myapp/folder/action.do. (b) Tomcat made a POST request to the login page https://localhost:6143/myapp/login.html (c) My servlet got called, and the doPost method of the servlet got called. But in 7.0.23 (b) Tomcat is making a GET request to https://localhost:6143/myapp/login.html Thus I must move/copy my code in doPost to build login.html into doGet. This did work. So, you're saying that the method value 'POST' is not preserved after successful authentication and appears to be converted to a 'GET'? p --- On Wed, 1/25/12, removeps-c...@yahoo.com removeps-c...@yahoo.com wrote: From: removeps-c...@yahoo.com