You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/08/06 17:39:16 UTC

DO NOT REPLY [Bug 6279] - Resubmit to j_security_check mistakenly fetches a page of that name

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6279>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6279

Resubmit to j_security_check mistakenly fetches a page of that name

Brian.Ewins@btinternet.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX



------- Additional Comments From Brian.Ewins@btinternet.com  2003-08-06 15:39 -------
Since people have emailed me directly several times to ask what happened to this
bug, I did a bit of digging. There has been some recent discussion on tomcat-dev:

The 'authenticated but not authorized' case is discussed again here:
http://nagoya.apache.org/eyebrowse/ReadMsg?listId=46&msgNo=58450

An alternate patch for the problem from Jeff Tulley, which also redirects to
error pages:
http://nagoya.apache.org/eyebrowse/ReadMsg?listId=46&msgNo=58547
Remy said of this one: "I won't commit this to TC 4.1.x at this time; I'll give
it a try in TC 5, and see how it works."

Remy gives a good explanation of whats potentially wrong with the patches
attached to this bug here:
http://nagoya.apache.org/eyebrowse/ReadMsg?listName=46&msgId=716594

However, Jeff's patch has been applied in TC5 - forwarding is now the default:
http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java.diff?r1=1.2&r2=1.3&diff_format=h

Since the bug is fixed in TC5, and Remy has already indicated that it will not
be going into 4.1.x, I am closing this bug report as WONTFIX. I know other bugs
were marked as duplicates of this, so if anyone else on the cc list strenuously
objects please feel free to reopen it.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org