See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27122.
"Bernhard Wraase" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > > I found a bug in tomcat 5. I can reproduce it with tomcat 5.016, 5.018 > and 5.019. Other versions of tomcat 5 I didn't test. > > Here is my testcase: > > create a folder under <tomcat5>/webapps (ie. sec-test) > put a zip-file and/or a pdf-file in it (ie. a.pdf, b.zip) > configure https with certificate and port in server.xml > configure the redirect from http to https in server.xml > configure the webapp > start tomcat 5 > > start IE 5.5 or 6.0 > try https://<servername>/sec-test/a.pdf > try https://<servername>/sec-test/b.zip > > both works correctly > > Now the buggy behavior: > > add a web.xml with following part: > <security-constraint> > <web-resource-collection> > <web-resource-name>The Entire Web App</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> > > > Now it is not anymore possible to open or store neither the pdf-file nor > the zip-file with same url from above. > > "Internet Explorer cannot download a.pdf from localhost. > Internet Explorer was not able to open this Internet site. The > requested site is either unavailable or cannnot be found. Please try > again later." > > "Internet Explorer cannot download b.zip from localhost. > Internet Explorer was not able to open this Internet site. The > requested site is either unavailable or cannnot be found. Please try > again later." > > This happens only with IE 5.5 and 6.0, not with mozilla 1.6 or Opera > 7.23(tested). > The same webapp works works correctly in tomcat 4.02, 4.04, 4.1.30(all > tested). > I tested on solaris(8), linux(SuSe 8.1) and W2000, the behavior is the > same, means the operating system does not matter. > > Could this please anybody confirm? > > If somebody has a smart workarround or bugfix for tomcat 5 I appreciate > it very much. > I try to understand the BaseAuthenticator(catalina.jar) since I thought > there would be the bug but I must confess that I failed:-( > > -- > Regards Bernhard Wraase --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
