Mantis - Resin
Viewing Issue Advanced Details
3065 minor always 11-11-08 09:34 03-25-09 16:19
none 4.0.0  
0003065: proxy caching and apache authentication
(rep by Daniel Wigenfors)

We are trying out resin 3.1 at the moment, and we have stumbled upon a strange situation with the resin proxy cache. In short, caching in resin proxy cache does not work when using basic http auth in apache, when removing basic auth, the same request is cached in resin proxy cache.

The following conf was changed in apache:

 <Location />
   AuthType Basic
   AuthName "test"
   AuthUserFile users
   AuthGroupFile groups
   Require group test

We have used the following sample code from your documentation to verify the caching:

<%@ page session="false" %>
<%! int counter; %>
long now = System.currentTimeMillis();
response.setDateHeader("Expires", now + 15000);
Count: <%= counter++ %>

Three different ways to access the page has been used.

1. Apache/mod_caucho with http basic auth -> pages are not cached
2. Resin directly through port 8081 -> pages are cached
3. Apache/mod_caucho without http basic auth -> pages are cached

Is that a feature or a bug, it's not mentioned anywhere in the documentation as far as we can see? It took us a couple of days to locate the source of the problem. It's not a showstopper for us at the moment, now that we know why it happens.

03-25-09 16:19   

The issue was potentially serving cached pages bypassing the authentication check.