0 Replies Latest reply on Sep 29, 2005 11:43 AM by Thomas Klem

    Problem with Setting JBoss HTTP Headers/ Workaround for IE B

    Thomas Klem Newbie

      When I have password-protected PDF files using SSL as well, IE gives an error message:

      The file could not be written to the cache.


      I'm getting the errors with JBoss 3.2.5, 3.2.6, and 3.2.7.

      In a previous posting ( http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3897201 ), a solution was proposed that is supposed to work for 3.2.6+

      And we have finally found the problem. In an attempt to try and work around some broken client (I can't be bothered to go back and see which one), Tomcat5 started adding adding the "don't cache" headers even for SSL requests. I'm in a very small minority of disliking this "feature", so it is unlikely to change.

      The work-around is to configure the Authenticator yourself:


      <Context path="/myapp" docBase="myapp">
       <Valve className="org.apache.catalina.authenticator.FormAuthenticator"
       disableProxyCaching="false" />
      </Context>



      I attempted to create a context.xml file with contents as follows:


      <?xml version="1.0" encoding="ISO-8859-1"?>
      
      <Context reloadable="true">
       <Valve className="org.apache.catalina.authenticator.BasicAuthenticator"
       disableProxyCaching="false" />
      </Context>




      When I run the server on JBoss 3.2.7 on my Windows XP local machine, the SSL fix for IE only works if the web.xml that does the user name and password is renamed to web.xml.bak, turning off usernames and passwords. The code from that file follows:

      <?xml version="1.0" encoding="ISO-8859-1"?>
      
      <!DOCTYPE web-app
       PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
       "http://java.sun.com/dtd/web-app_2_3.dtd">
      
      <web-app>
      
      <security-constraint>
       <web-resource-collection>
       <web-resource-name>resourcename</web-resource-name>
       <description>An example security config that only allows users with the
       role myrole to access the web application
       </description>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
       <role-name>myrole</role-name>
       </auth-constraint>
      </security-constraint>
      
      
       <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>myrealm</realm-name>
       </login-config>
      
       <security-role>
       <role-name>myrole</role-name>
       </security-role>
      
      </web-app>
      
      


      Is the problem that I'm using basic authentication, or is there another problem with the code? Both files are in the WEB-INF folder of the application.

      I should note that I'm also getting the same error message when I use Form Authentication.