[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    RE: Authentication behaviour
From:       "Caldarale, Charles R" <Chuck.Caldarale () unisys ! com>
Date:       2008-09-30 23:27:52
Message-ID: 0AAE5AB84B013E45A7B61CB66943C172143545A94B () USEA-EXCH7 ! na ! uis ! unisys ! com
[Download RAW message or body]

> From: Maurizio Lotauro
> [mailto:maurizio.lotauro@territoriumonline.com]
> Subject: Authentication behaviour
> 
> The server answers with 401 before it has received the
> whole content send from client. In fact it seems that
> the answer become right after the server has received
> the http header.

Looks proper to me for basic authentication.  As soon as the reference to the \
protected resource is recognized, the 401 is sent; it's up to the client to resend \
all the input with the user credentials on the next request.

Read the HTTP Authentication RFC:
http://tools.ietf.org/html/rfc2617

For synopses, try these:
http://en.wikipedia.org/wiki/Basic_access_authentication
http://en.wikipedia.org/wiki/Digest_access_authentication

If you're using form-based authentication, then the server captures any POST data \
submitted with the request, and uses that following successful authentication.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and \
is thus for use only by the intended recipient. If you received this in error, please \
contact the sender and delete the e-mail and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]