On Tue, 2008-02-19 at 17:56 -0800, Dave Newton wrote: > --- Jeromy Evans <[EMAIL PROTECTED]> wrote: > > Wes Wannemacher wrote: > > > In this case a 0-byte file called login.action may do the trick. It's a > bit > > > of a hack, and I think when this comes up with the Tomcat peeps, they > > > point to the spec. > > Excellent! I loathe using a redirect. This probably belongs in a FAQ > > somewhere as it comes up a lot with respect to using an action as the > > welcome file. > > Meh. I'd rather see a known, cross-browser technique like a redirect than > potentially non-portable treachery. What, specifically, does the spec say > regarding this? > > (I'm quickly looking in 2.4, which isn't the latest; it seems to state only > that it must check that a static resource or servlet is mapped to the file > named in the welcome-file-list, so I guess the zero-byte trick is > spec-friendly. Still makes me grumpy, but I'm old and easily irritated :) >
The only problem with a redirect in this case is that some context may be lost :(. Generally, with container managed security, after logging in, the server manages to send you happily on your way back to the resource that required authorization. I haven't tried it, but assuming that Tomcat "keeps it simple," I'd bet that redirecting might lose some of the magic required to make it all work. I think that the last post was right though (by Laurie?) that the new spec fixes this. So, don't be down Dave, there is hope yet! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
