DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4374>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4374 bypass of authentication mechanism [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[EMAIL PROTECTED] ------- Additional Comments From [EMAIL PROTECTED] 2002-12-28 12:35 ------- Still the same behaviour in servlet spec 2.4. I can't believe that this is not considered a bug, but a "feature"... Not really convenient to use programmatic security if you need to seal a whole directory, although the nice <url-mapping>* suggests that you would have a save .htaccess equivalent. I wonder how to "safely" seal directories with static html content at all with Tomcat then...? Is it possible to inhibit "content grabbing" with <include> in a Spec conform way? -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>