Flash elemets not presented

Oct 15, 2009 at 10:20 PM
Edited Oct 15, 2009 at 10:21 PM


I am using your mod (140909) in Tomcat 6.0.18.

The problem is in pages that supposed to show flash elemets. Instead, it just shows white space of where the flash should be.

Any suggestions?


Oct 20, 2009 at 5:58 AM


You can uncomment, in server.xml, the line with the valve RequestDumper and log the the authentication.Send me catalina.log.

Does it work without authentication? Can you send me a version of tomcat with a simplified version of your application? You can use free.mailbigfile.com or other. In France, we often use dl.free.fr.


Oct 20, 2009 at 5:37 PM

Hi Dominique,

Unfortunetly, I cannot send you the tomcat and the application. What I can do is to attach the html code I use ti show the swf file.

I can also provide you with the catalina.log if you tell me where to send it (email)?

Hope it is enough to find the problem,


<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
id="ImportAll" width="580" height="300"
<param name="movie" value="/idm/configure/ImportAll.swf" />
<param name="quality" value="high" />
<param name="bgcolor" value="#ffffff" />
<param name="allowScriptAccess" value="sameDomain" />
<param name="flashVars" value="postUrl=/idm/configure/fileimport_multiple_submit.jsp;jsessionid=1842F93F38A3328593631828459B5568" />
<embed src="/idm/configure/ImportAll.swf"
quality="high" bgcolor="#ffffff"
width="580" height="300" name="ImportAll" align="left"


Oct 20, 2009 at 7:30 PM


You can click on doumeguerin, or send to



Oct 23, 2009 at 11:20 PM


I  shall test with a file swf. I shall give you the result.

I  read the file catalina.log. I saw you receive a file login.jsp, but you was already authenticated with /idm/index.html.

On the source, you have "postUrl=/idm/configure/fileimport_multiple_submit.jsp;jsessionid=1842F93F38A3328593631828459B5568". But why have you this jsessionid? In the file catalina.log, you has JSESSIONID=61941CA72F8EDD42FE4FA7B5C40DC9DE, sent in a session cookie by tomcat.  

After /idm/configure/fileimport_multiple.jsp, you received some js, css and gif and, finally, /idm/configure/ImportAll.swf, alwways with the JSESSIONID=61941CA72F8EDD42FE4FA7B5C40DC9DE.

Can you see the flash animation without authentication? 


Oct 24, 2009 at 7:35 AM


You use https. Read this page: http://support.microsoft.com/?id=316431

Have you the problem without https and IE ?You can also test with Firefox and HTTPS. If Firefox works and not IE with HTTPS, you must change the headers in the jsp.



Oct 25, 2009 at 6:11 AM


The page does works in forms without validation. I will check your suggestion regarding the https header.

Thank you for your help,


Oct 30, 2009 at 1:26 PM
Edited Oct 30, 2009 at 1:42 PM


see https://issues.apache.org/bugzilla/show_bug.cgi?id=27122

add disableProxyCaching="false" to the definition of the valve.

So replace in the version with the dll

<Valve className="fr.doume.authenticator.SSPAuthenticator" /> by

<Valve className="fr.doume.authenticator.SSPAuthenticator"  disableProxyCaching="false" />

or in the version with tcp:

<Valve className="fr.doume.v2.authenticator.SSPAuthenticator" /> by

<Valve className="fr.doume.v2.authenticator.SSPAuthenticator"  disableProxyCaching="false"/>

Does it works after this modification?



Oct 30, 2009 at 2:38 PM


Perhaps, you must add  securePagesWithPragma="false" to the definition of the Valve. Test with and without and send the result.

Code source AuthenticatorBase dans Tomcat 6.0.18:

// Make sure that constrained resources are not cached by web proxies
        // or browsers as caching can provide a security hole
        if (disableProxyCaching &&
            // FIXME: Disabled for Mozilla FORM support over SSL
            // (improper caching issue)
            //!request.isSecure() &&
            !"POST".equalsIgnoreCase(request.getMethod())) {
            if (securePagesWithPragma) {
                // FIXME: These cause problems with downloading office docs
                // from IE under SSL and may not be needed for newer Mozilla
                // clients.
                response.setHeader("Pragma", "No-cache");
                response.setHeader("Cache-Control", "no-cache");
            } else {
                response.setHeader("Cache-Control", "private");
            response.setHeader("Expires", DATE_ONE);


Nov 1, 2009 at 6:47 PM

Hi Dominique,

After your last post regarding this may be a some sort of bug I decided to play around with the web.xml (don't know why I didn't think of this before).

I limited the SPNEGO to spesific part of my site - only where I require to fetch the OS logon name. So now the part of my site with the flash object is not SPNEGO-enabled and everything works. :)

Oviously, this is not a real solution but it sufficent for my needs.


Thanks for your help. I will use your mod in my future projects as well, and try the solutions you suggested if I come accross this bug again.