Trailing backslashes in property file values cause problems.

Any of the administration screens that allow user entry of property values should ensure that the value does not end with a backslash or that the value is escaped.

Realms need to be managed as "global", not per-service entities

In Internet Explorer, the 'Passwords Don't Match' dialog is hidden from view.

• Add Permission dialog does not close when clicking OK or Apply.
• No group exists on the Principal Name list.

Click Cancel to dismiss dialog.

Description field on Servlets does not clear after removing and then adding a servlet with the same name.

Null pointer returned when canceling out of the passphrase key dialog during server startup.

Win32: Problems deleting groups in Security Groups page.

Reload applet and delete group.

The certificate information at the bottom of the Security Users servletMgrRealm page is displayed incorrectly after deleting the user from the list.

In the Security Users page, focus is lost when adding/removing users.

By default, the Java Web Server supports only client authentication using Certificates provided by VeriSign. This default can only be overridden with some difficulty.

The sun.security.Login class uses a "user.trust-decider" system property, defaulting to "sun.security.SimpleTrustDecider", when setting up the trust decider (which might or might not understand non-Verisign certificates).

Customers can write a trust decider that understands about non-Verisign certificates.

There is no GUI support to protect servlets as a class name.

Servlet is not protected when invoked by its class name. The servlet is protected in these situations:

• when the servlet is added
• when the servlet is given a unique name through the administration tool
• when the servlet is aliased

Servlets can be protected when used with the unique name given through the administration tool.

The Remove Permission button is set to an incorrect state after removing permissions.

Go to another page and return.

ACL errors will appear if NT users are removed before ACL permissions are deleted.

Edit the .acl file

In the NTRealm, a user that does not have a password cannot be authenticated for protected resources.

A NullPointer exception occurs when attempting to start the server with keys using java-server.startup script.

The Cookie class does not work well with the Netscape browser.

SSL connection attempts fail if the client attempts to resume a previously established and cached SSL session and the server insists on negotiating a new session.

Exit the SSL client (HotJava etc.), restart it and immediately try the SSL connection again. In this case, the client will not have a cached SSL session.

Remote Servlets must be in JAR format.

Digest Author does not return opaque header.

HTTP1.1 hosting fails when uppercase letters are used in domains.

An unexpected problem occurs when creating service endpoints which start secure services without keys.

To use the minimum number of threads, the server needs to be restarted.

Even though a user enters a correct name and password, authentication fails.

httpd.exe does not work correctly if there are whitespaces in the classpath.

The installation instructions, in particular the removal of the service for Windows NT, refers to the command "httpdsrv JavaWebServer remove".

The command located in the bin is actually named "jservsvc.exe".

response.sendRedirect is not working inside the page compile servlet.

Restart the server to proceed.

Top