> From: Christopher Schultz [mailto:[EMAIL PROTECTED]
> Peter Crowther wrote:
> |> From: J. Zach [mailto:[EMAIL PROTECTED]
> |>
> |> When page2.jsp is secured in web.xml via security-constraint
> |> - transport
> |> confidential, the posted data from page1.jsp is lost on
> |> submit (it's simply missing missing in the request).
> |
> | That's expected:
>
> No, it's not. Tomcat goes out of its way to save the POST body.Here's
> the code from FormAuthenticator
[elided]
> This method is called before the login form is shown. Note the special
> case for POST requests.
This is purely for forms authentication, i.e. where Tomcat is logging the user
in. The OP didn't state either way about forms authentication, and I suspect
isn't using it.
This code is not used in other cases, for example when merely redirecting a
user to a confidential (i.e. SSL) resource.
- Peter
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
