https://issues.apache.org/bugzilla/show_bug.cgi?id=51940
--- Comment #1 from Nicholas Sushkin <nsush...@openfinance.com> 2011-10-07 17:06:46 UTC --- Regarding "Re: Should Form Authentication Valve restore request body on a PUT?", on Friday, October 07, 2011 10:13:00, Christopher Schultz wrote to Tomcat Users List <us...@tomcat.apache.org> > Nicholas, > > On 10/6/2011 10:08 PM, Nicholas Sushkin wrote: > > I now reconfigured DefaultServlet in conf/web.xml with > > readonly=false. Now, an unauthenticated PUT (with or without a > > body) returns 204 No Content instead of the login form. Seems like > > a bug. Should I add this behavior to Bug #51940 or a new bug? > > I'll bet what is happening is that your PUT request is being forwarded > without modification to the login page, and your login page is some > static content. Is that right? > > If that's what's happening, the DefaultServlet is handling the > request, seeing that it is a PUT, and then complaining that it's > read-only. When you make the DefaultServlet read-write you tell the > DefaultServlet to accept uploads, and you'll probably end up > overwriting your login form with the request entity (oops). > > It looks like the authenticator code needs to transform the PUT > request into a GET (or POST?) so that the DefaultServlet doesn't try > to do an upload. > > I think you'd have similar problems if trying to use a JSP for your > login-page, because JSPs can't accept PUT requests unless specifically > configured to do so. > > Since you're just hacking, try setting the request method to "GET" > when you detect a PUT request that requires authentication. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
