In Servlet 2.2 they say that:
...
6. The client is redirected to the original resource using the original stored
URL path.
in the discussion of the steps that are followed during form authentication. I
would like clarification on what happnens when the original request was a POST.
Do we expect that:
1) The post data is lost and the redirect does a GET to the stored URL
2) The post data is stored and is RequestDispatcher.forward()ed to the original
stored URL with a browser address of j_security_check.
3) The FORM is filtered and the j_security_check action is magically replaced
with the original stored URL with the same result as 2) except that the browser
URL is now correct.
4) Something magical under the covers happens and the post data is stored in
the session so that when the browser comes back with a GET it is converted into
a POST and the original post data is stuck in the new request,
indistinguishable from the original request with a proper browser address.
So far I think that Tomcat & WebLogic implement 1) and Resin implements 2). It
seems as though customers want 4).
Sam
=====
"If I can see farther it is because I am
surrounded by dwarves" -- Murray Gell-Mann
__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
