billbarker 2002/11/12 22:10:38 Modified: catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java Log: Add a flag to disable adding headers to prevent proxies from caching the content of protected pages. I strongly want this in 4.1, but committing here first since the topic is a bit controversial. The out-of-the-box behavior is the same as before. This just adds a much-asked-for configuration setting for webmasters that don't want this behavior. Revision Changes Path 1.4 +28 -5 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- AuthenticatorBase.java 9 Aug 2002 01:12:39 -0000 1.3
+++ AuthenticatorBase.java 13 Nov 2002 06:10:38 -0000 1.4
@@ -194,6 +194,11 @@
 protected static final String info =
 "org.apache.catalina.authenticator.AuthenticatorBase/1.0";
+ /**
+ * Flag to determine if we disable proxy caching, or leave the issue
+ * up to the webapp developer.
+ */
+ protected boolean noProxyCaching = true;
 /**
 * The lifecycle event support for this component.
@@ -388,6 +393,23 @@
 }
+ /**
+ * Return the flag that states if we add headers to disable caching by
+ * proxies.
+ */
+ public boolean getNoProxyCaching() {
+ return noProxyCaching;
+ }
+
+ /**
+ * Set the value of the flag that states if we add headers to disable
+ * caching by proxies.
+ * @param nocache <code>true</code> if we add headers to disable proxy
+ * caching, <code>false</code> if we leave the headers alone.
+ */
+ public void setNoProxyCaching(boolean nocache) {
+ noProxyCaching = nocache;
+ }
 // --------------------------------------------------------- Public Methods
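Review bot: The Javadoc on the new `noProxyCaching` field does not say which value is the protective one or what the default is, which matters for a flag whose only purpose is to relax a safeguard. I would extend it to state that `true` (the default) makes the authenticator add no-cache headers to responses for constrained resources on non-secure requests, and that `false` leaves those responses cacheable by shared proxies and browsers unless the webapp sends its own cache headers. The `setNoProxyCaching` Javadoc in the following hunk should carry the same caveat, and `getNoProxyCaching` is missing an `@return` tag.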
@@ -479,7 +501,8 @@
 // Make sure that constrained resources are not cached by web proxies
 // or browsers as caching can provide a security hole
- if (!(((HttpServletRequest) hrequest.getRequest()).isSecure())) {
+ if (noProxyCaching &&
+ !(((HttpServletRequest) hrequest.getRequest()).isSecure())) {
 HttpServletResponse sresponse =
 (HttpServletResponse) response.getResponse();
 sresponse.setHeader("Pragma", "No-cache");
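Review bot: The unchanged comment above the new `if (noProxyCaching && ...)` still promises that constrained resources are never cached, but with the flag set to false the whole header block is skipped for plain-HTTP requests, so a shared proxy or browser cache may store an authenticated response and later serve it to a different user. The comment should describe the conditional behaviour and the resulting obligation, for example `// Unless noProxyCaching is disabled, make sure constrained resources are not cached by web proxies or browsers; when it is disabled the webapp must send its own cache-control headers`. The enclosing method starts before and continues past this hunk, so only the `Pragma` header is visible here; any further headers set inside the block are affected in the same way.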