Summary: | request.getAuthType() returns different string from HttpServletRequest.CLIENT_CERT_AUTH | ||
---|---|---|---|
Product: | Tomcat 5 | Reporter: | Dario Andrade <dario> |
Component: | Servlet & JSP API | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | major | ||
Priority: | P2 | ||
Version: | 5.5.12 | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Windows XP | ||
Attachments: | Fix for CLIENT_CERT/CLIENT-CERT mismatch |
Description
Dario Andrade
2006-09-16 01:49:08 UTC
Created attachment 19396 [details]
Fix for CLIENT_CERT/CLIENT-CERT mismatch
The auth-methodType value 'CLIENT-CERT' is defined in the web-app DTDs and
XSDs, but HttpServletRequest.java uses 'CLIENT_CERT'. The Tomcat internal
Request class correctly uses 'CLIENT-CERT'. This patch fixes
HttpServletRequest to match the descriptor definition.
-1 for this patch. As per the spec: CLIENT-CERT is for use in web.xml CLIENT_CERT is the value of HttpServletRequest.CLIENT_CERT_AUTH and should be returned by HttpServletRequest.getAuthType() The bug that needs to be fixed is that HttpServletRequest.getAuthType() should return CLIENT_CERT rather than CLIENT-CERT I have committed an alternative fix. It will be in 5.5.21 onwards. |