You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bi...@apache.org on 2002/11/13 07:10:38 UTC
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java
billbarker 2002/11/12 22:10:38
Modified: catalina/src/share/org/apache/catalina/authenticator
AuthenticatorBase.java
Log:
Add a flag to disable adding headers to prevent proxies from caching the content of protected pages.
I strongly want this in 4.1, but committing here first since the topic is a bit controversial. The out-of-the-box behavior is the same as before. This just adds a much-asked-for configuration setting for webmasters that don't want this behavior.
Revision Changes Path
1.4 +28 -5 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- AuthenticatorBase.java 9 Aug 2002 01:12:39 -0000 1.3
+++ AuthenticatorBase.java 13 Nov 2002 06:10:38 -0000 1.4
@@ -194,6 +194,11 @@
protected static final String info =
"org.apache.catalina.authenticator.AuthenticatorBase/1.0";
+ /**
+ * Flag to determine if we disable proxy caching, or leave the issue
+ * up to the webapp developer.
+ */
+ protected boolean noProxyCaching = true;
/**
* The lifecycle event support for this component.
@@ -388,6 +393,23 @@
}
+ /**
+ * Return the flag that states if we add headers to disable caching by
+ * proxies.
+ */
+ public boolean getNoProxyCaching() {
+ return noProxyCaching;
+ }
+
+ /**
+ * Set the value of the flag that states if we add headers to disable
+ * caching by proxies.
+ * @param nocache <code>true</code> if we add headers to disable proxy
+ * caching, <code>false</code> if we leave the headers alone.
+ */
+ public void setNoProxyCaching(boolean nocache) {
+ noProxyCaching = nocache;
+ }
// --------------------------------------------------------- Public Methods
@@ -479,7 +501,8 @@
// Make sure that constrained resources are not cached by web proxies
// or browsers as caching can provide a security hole
- if (!(((HttpServletRequest) hrequest.getRequest()).isSecure())) {
+ if (noProxyCaching &&
+ !(((HttpServletRequest) hrequest.getRequest()).isSecure())) {
HttpServletResponse sresponse =
(HttpServletResponse) response.getResponse();
sresponse.setHeader("Pragma", "No-cache");
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator
AuthenticatorBase.java
Posted by Remy Maucherat <re...@apache.org>.
billbarker@apache.org wrote:
> billbarker 2002/11/12 22:10:38
>
> Modified: catalina/src/share/org/apache/catalina/authenticator
> AuthenticatorBase.java
> Log:
> Add a flag to disable adding headers to prevent proxies from caching
> the content of protected pages.
>
> I strongly want this in 4.1, but committing here first since the
> topic is a bit controversial. The out-of-the-box behavior is the same
> as before. This just adds a much-asked-for configuration setting for
> webmasters that don't want this behavior.
+1 for porting (this should be clear that this is potentially unsafe).
Remy
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>