https://issues.apache.org/bugzilla/show_bug.cgi?id=55599
--- Comment #2 from Matafagafo <matafag...@yahoo.com> ---
(In reply to Mark Thomas from comment #1)
> Given that the manager requires users to be authenticated, a 403 response
> seems entirely reasonable.
>
> It isn't clear what you aretrying to achieve by configuring the
> NonLoginAuthenticator, nor where you doing this (context.xml is not specific
> enough). Either way, the users list is the place to go to seek further help.
Let me explain.
My application needs to be accessed thru SSL, so I configured a "Protected
Context" for it in Tomcat web.xml file, as You can se bellow
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you requre authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
It worked, but as a side effect Tomcat started to set "Cache-Control" HTTP
header in responses as "private". With this my application stop to use browsers
local cache.
To solve this I configured NonLoginAuthenticator disableProxyCaching="false" in
Tomcat context.xml and the "Cache-Control: private" problem is solved.
But with this config I can't access Tomcat Manager anymore !
Because of this I filed this bug, it appears to me that should be a way to
access the Manager in this situations.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
