Author: remy.maucherat(a)jboss.com Date: 2015-09-01 09:45:57 -0400 (Tue, 01 Sep 2015) New Revision: 2625 Modified: branches/7.5.x/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java Log: BZ1221446: Filter out HEAD method. Submitted by Hisanobu Okuda. Modified: branches/7.5.x/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java =================================================================== --- branches/7.5.x/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java 2015-09-01 11:55:36 UTC (rev 2624) +++ branches/7.5.x/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java 2015-09-01 13:45:57 UTC (rev 2625) @@ -368,9 +368,12 @@ request.changeSessionId(session.getId()); } } - // Always use GET for the login page, regardless of the method used + // Always use GET for the login page, regardless of the method used. + // In case of HEAD method. the container should not return body String oldMethod = request.getMethod(); - request.getCoyoteRequest().method().setString("GET"); + if (!"HEAD".equals(oldMethod)) { + request.getCoyoteRequest().method().setString("GET"); + } RequestDispatcher disp = context.getServletContext().getRequestDispatcher(config.getLoginPage());