[Bug 57629] sending large file with Expect: 100-continue wrong messages order

[bu...@apache.org]

https://bz.apache.org/bugzilla/show_bug.cgi?id=57629

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
This is only going to work if Tomcat does the authentication otherwise, as you
have observed, Tomcat sends the 100 response before passing the
request/response to the application for processing.

One of the aims for Tomcat 9 is to implement JASPIC which would allow libraries
like Spring Security to plug into Tomcat's authentication mechanism allowing
for the behaviour you are looking for.

The other option would be to add an option to the Context to delegate sending
of the 100 response to the application. There are security concerns around
expectation handling but as long as Tomcat's current handling stays in place I
don't believe this would create any issues. The down side is that if the
application does not send the 100 continue response then the client may wait
for an unknown period of time before sending the request body any way.

If you think such an option (to delegate the sending of 100 response) would be
useful, we can move this issue to an enhancement. If not, it will get resolved
as WONTFIX.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org