Hi all,

I believe that I've found a bug in Tomcat but wanted to run it by people on this list first to make sure. Note that I've checked Bugzilla and searched the mailing list and not found anything that looks like this. I hope that I'm not wasting people's time. Here goes...

Spec
====
I'm running Tomcat 5.5.12. I have tested on both Red Hat Enterprise Linux 3 and Windows 2000. I've tested on Java 1.5.0_05.

Behaviour
=======
-- User has not logged on to the app and this is their first access

1) User issues POST request to the app
2) User receives HTTP 302 redirect to login page. User issues GET for this page.
3) User issues POST request with j_username and j_password to authentication page
4) Authentication is successful. Server issues another HTTP 302 to send user to original requested destination.
5) User issues GET request to the redirect URL.
6) None of the original request parameters are available on the final destination.

To further clarify, if I'd submitted a request parameter called test on the original request (step 1), it would not be available once I process the request in step 5. This is not an issue when the user is authenticated already.

Possible Fix?
==========
I looked through the Tomcat 5.5.12 source code and ended up in the org.apache.catalina.authentication.FormAuthenticator class and noticed that there is no code there to save the request parameters from the original request into the saved request in the saveRequest() method and to copy them into the final 'new' request in the restoreRequest() method. Am I missing something here? Is this done somewhere else? I added this code in myself and copied it to the $TOMCAT_HOME/server/classes directory and all seems to now work fine. I can post the code if desired (don't want to send a huge long mail unless necessary).

Conclusion
========
I believe that this is a bug and that I have found a fix for it but I'm not a Tomcat expert and would like someone who knows the code to verify that a) this is a bug and b) that it has not been fixed somewhere else that I am unaware of. I'm willing to raise a bug and post the fixed code if desired.

Thanks very much for your time.

Kevin.
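
The six-step flow described in the message above, as an added example that is not part of the original mail and is neither Tomcat source nor the poster's patch. It is a simplified model: the class and method names (`FormLoginModel`, `Saved`, `handle`, `run`) are hypothetical, credentials are not actually verified, and the sample values are constructed.

```java
import java.util.*;

// Simplified model of saving and restoring a request around a form login.
// NOT Tomcat code: every name in this file is hypothetical.
public class FormLoginModel {
    // What the session remembers while the user is at the login page.
    record Saved(String uri, Map<String, String[]> params) {}

    private final Map<String, Object> session = new HashMap<>();
    private final boolean saveParams;

    FormLoginModel(boolean saveParams) { this.saveParams = saveParams; }

    // Returns the parameters the protected resource sees, or null on a redirect.
    Map<String, String[]> handle(String uri, Map<String, String[]> params) {
        if ("/j_security_check".equals(uri)) {            // step 3: login form posted
            session.put("user", params.get("j_username")[0]); // password check omitted
            return null;                                  // step 4: 302 to saved URI
        }
        if (!session.containsKey("user")) {               // step 1: not authenticated
            Map<String, String[]> copy = new HashMap<>();
            if (saveParams) params.forEach((k, v) -> copy.put(k, v.clone()));
            session.put("saved", new Saved(uri, copy));   // credentials never land here
            return null;                                  // step 2: 302 to login page
        }
        Saved saved = (Saved) session.remove("saved");    // step 5: GET after login
        if (saved != null && saved.uri().equals(uri)) {   // restore once, same URI only
            Map<String, String[]> merged = new HashMap<>(saved.params());
            merged.putAll(params);
            return merged;                                // step 6: what the app sees
        }
        return params;
    }

    // Runs steps 1-6 and returns the parameter names visible at the destination.
    static Set<String> run(boolean saveParams) {
        FormLoginModel m = new FormLoginModel(saveParams);
        m.handle("/app/submit", Map.of("test", new String[] {"42"}));
        m.handle("/j_security_check", Map.of("j_username", new String[] {"kevin"},
                                             "j_password", new String[] {"constructed"}));
        return m.handle("/app/submit", Map.of()).keySet();
    }

    public static void main(String[] args) {
        System.out.println("parameters not saved: " + run(false));
        System.out.println("parameters saved:     " + run(true));
    }
}
```

The model restores the saved parameters only once and only for the URI they were submitted to, so a stale saved request cannot be replayed into a different destination.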