servlet-spec
  1. servlet-spec
  2. SERVLET_SPEC-21

Clarify behaviour with pre-emptive authentication

    Details

    • Type: Improvement Improvement
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None

      Description

      The HTTP spec allows pre-emptive authentication - i.e. sending credentials before the server asks for them. It is unclear from the Servlet spec how getRemoteUser() and friends should behave in this regard when the resource being requested does not require authentication. Should the credentials be processed or ignored?

        Activity

        markt_asf created issue -
        Rajiv Mordani made changes -
        Field Original Value New Value
        Assignee Shing Wai Chan [ swchan2 ]

          People

          • Assignee:
            Shing Wai Chan
            Reporter:
            markt_asf
          • Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated: