On 25/01/2012 22:03, removeps-c...@yahoo.com wrote: >> So, you're saying that the method value 'POST' is not >> preserved after >> successful authentication and appears to be converted to a >> 'GET'? > > No, what I said is the my original request to > https://mydomain/myapp/action.do is a POST request, and the web.xml says to > send me the the login-config page and this request used to be POST in 7.0.22 > and is GET in 7.0.23. After successful authentication the user must resubmit > the original POST request because this does not happen automatically.
I don't understand, what does "and this request used to be POST" mean then? The login form defines the method used to send the request, the browser sends it, not Tomcat. When Tomcat receives an unauthenticated request for a protected resource it intercepts and saves that request, then forwards to the resource defined in the login config. If the login form action is successful, the previous request is restored and executed. So I asked if the request is not being restored properly... So either you're telling us that there's a bug in Tomcat, or you're telling us something else and I don't know what that is. Can you reproduce the error using a clean & simple application config? p > --- On Wed, 1/25/12, Pid <p...@pidster.com> wrote: > >> From: Pid <p...@pidster.com> >> Subject: Re: not able to access URL in 2nd app in 7.0.23 >> To: "Tomcat Users List" <users@tomcat.apache.org> >> Date: Wednesday, January 25, 2012, 1:24 PM >> On 25/01/2012 18:35, removeps-c...@yahoo.com >> wrote: >>> OK here's what I tried: I removed https. A >> request through Firefox to http://localhost:6144/myapp/folder/action.do still >> gives 404. I overrode doGet of the servlet class to >> print whether get/post and the request.getRequestURI and it >> is >>> >>> get /myapp/folder/action.do >>> >>> This is the same as before. My servlet has code >> like this >>> >>> if >> (uri.equals("/myapp/folder/action.do")) >>> >>> in the doPost method so it would process this action. >>> >>> So the problem has to do with https. I put the >> security-constraint stuff back in but removed the >> auth-constraint, so everything is https but requires no >> authentication. What gets printed when you go to >> https://localhost:6143/myapp/folder/action.do is still >>> >>> get /myapp/folder/action.do >>> >>> So the issue is with the auth-constraint. >>> >>> In my real code, my code makes a POST request to the >> given URL. I re-ran this test: >>> >>> So now it looks like the issue is this: >>> >>> (a) In 7.0.22 and earlier versions my code made a POST >> request to https://localhost:6143/myapp/folder/action.do. >>> (b) Tomcat made a POST request to the login page >>> https://localhost:6143/myapp/login.html >>> (c) My servlet got called, and the doPost method of >> the servlet got called. >>> >>> But in 7.0.23 (b) Tomcat is making a GET request to >>> https://localhost:6143/myapp/login.html >>> >>> Thus I must move/copy my code in doPost to build >> login.html into doGet. >>> >>> This did work. >> >> So, you're saying that the method value 'POST' is not >> preserved after >> successful authentication and appears to be converted to a >> 'GET'? >> >> >> p >> >>> --- On Wed, 1/25/12, removeps-c...@yahoo.com >> <removeps-c...@yahoo.com> >> wrote: >>> >>>> From: removeps-c...@yahoo.com >> <removeps-c...@yahoo.com> >>>> Subject: Re: not able to access URL in 2nd app in >> 7.0.23 >>>> To: "Tomcat Users List" <users@tomcat.apache.org> >>>> Date: Wednesday, January 25, 2012, 9:10 AM >>>> Replies in place >>>> >>>> --- On Wed, 1/25/12, Pid <p...@pidster.com> >>>> wrote: >>>> >>>>> From: Pid <p...@pidster.com> >>>>> Subject: Re: not able to access URL in 2nd app >> in >>>> 7.0.23 >>>>> To: "Tomcat Users List" <users@tomcat.apache.org> >>>>> Date: Wednesday, January 25, 2012, 12:55 AM >>>>> On 25/01/2012 02:49, removeps-c...@yahoo.com >>>>> wrote: >>>>>> In my webapps folder there are two >> folders: >>>> ROOT, >>>>> myapp. ROOT is the default app. >>>>>> >>>>>> In myapp/WEB-INF/web.xml there is >>>>>> >>>>>> <servlet> >>>>>> >>>>> >>>> >> <servlet-name>MyServlet</servlet-name> >>>>>> >>>>> >>>> >> <servlet-class>package.MyServlet</servlet-class> >>>>>> >>>>> >>>> >> <load-on-startup>1</load-on-startup> >>>>>> </servlet> >>>>>> <servlet-mapping> >>>>>> >>>>> >>>> >> <servlet-name>MyServlet</servlet-name> >>>>>> >>>>> >>>> >> <url-pattern>/folder/action.do</url-pattern> >>>>>> </servlet-mapping> >>>>>> >>>>>> When I go to http://host/myapp/folder/action.do in Tomcat 7.0.22 it >>>>> invokes myapp, MyServlet. Even some >> versions of >>>> Tomcat >>>>> 6.x did this. >>>>>> >>>>>> But in Tomcat 7.0.23 it generates 404 page >> not >>>> found. >>>>>> >>>>>> Any idea what I can do? >>>>> >>>>> What do the log files report, during >> application >>>> startup >>>>> and when you >>>>> try to access the page? >>>> >>>> During startup I see >>>> >>>> INFO: Deploying web application directory >>>> >> /home/myusername/jvm/apache-tomcat-7.0.23/domains/mydomain/myapp >>>> >>>> When going to the page, no logs are generated. >>>> However I put a System.out.println statement in >> the default >>>> servlet of myapp to print the getRequestURI() and >> find that >>>> the following URI is hit "/myapp/404.html". >>>> >>>> The myapp/WEB-INF/web.xml has >>>> >>>> <error-page> >>>> >> <error-code>404</error-code> >>>> >> <location>/404.html</location> >>>> </error-page> >>>> >>>> So this means that the myapp servlet is invoked, >> which is a >>>> good thing. But the URL I went to is >>>> https://mydomain/myapp/folder/action.do. >>>> >>>> The servlet that is supposed to handle >> /folder/action.do is >>>> not invoked. >>>> >>>> Nor should it be invoked. There is an https >> security >>>> constraint in myapp/WEB-INF/web.xml to direct the >> user to >>>> myapp/login.html. This page is generated by >> the >>>> default servlet as well. >>>> >>>> So I will try two things. First, remove the >> https to >>>> see if it works. Second, change the >> url-mapping from >>>> an exact match like "/myapps/folder/action.do" to >>>> "*.action.do" >>>> >>>>> >>>>> p >>>>> >>>>>> I'm gonna check if it works in 7.0.25. >>>> >>>> FYI, it does not work in 7.0.25 either. >>>> >>>> >> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>>> >>> >>> >> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> >> >> -- >> >> [key:62590808] >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -- [key:62590808]
signature.asc
Description: OpenPGP digital signature
