https://bz.apache.org/bugzilla/show_bug.cgi?id=57629
--- Comment #1 from Mark Thomas <ma...@apache.org> --- This is only going to work if Tomcat does the authentication otherwise, as you have observed, Tomcat sends the 100 response before passing the request/response to the application for processing. One of the aims for Tomcat 9 is to implement JASPIC which would allow libraries like Spring Security to plug into Tomcat's authentication mechanism allowing for the behaviour you are looking for. The other option would be to add an option to the Context to delegate sending of the 100 response to the application. There are security concerns around expectation handling but as long as Tomcat's current handling stays in place I don't believe this would create any issues. The down side is that if the application does not send the 100 continue response then the client may wait for an unknown period of time before sending the request body any way. If you think such an option (to delegate the sending of 100 response) would be useful, we can move this issue to an enhancement. If not, it will get resolved as WONTFIX. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
