https://bz.apache.org/bugzilla/show_bug.cgi?id=64180
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
--- Comment #3 from Mark Thomas <ma...@apache.org> ---
The current behaviour is as expected / intended.
I can see merit in changing the behaviour so empty string and null (not set)
are equivalent for secret. We could also clarify that secretRequired indicates
whether the secret attribute MUST be set, not whether the client must provide a
secret and that (independent of secretRequired) the client MUST provide the
correct secret if secret is non-null and non-zero length.
Moving this to a proposed enhancement request for the changes described in this
comment.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
