The DataPreservationFilter triggers POST data preservation when an unauthenticated client posts HTML form data to a protected resource.
When an authentication redirect is triggered, the filter stores the data in the HTTP session, and redirects the client for authentication. After authentication, the filter generates an empty self-submitting form POST to emulate the original POST. It then replays the stored data into the request before passing it along the chain.
The data can be any POST content, such as HTML form data or a file upload.
For more information, refer to POST data preservation.
"maxContentLength": configuration expression<positive integer>, optional
The maximum number of bytes of POST data the filter can preserve. The size is taken from the Content-Length header.
"lifetime": configuration expression<duration>, optional
The maximum time that the filter can store POST data in an HTTP session.
The filter deletes stored POST data when the following events occur:
The POST data preservation process from an earlier request hasn’t completed.
A new request arrives that triggers a new POST data preservation process.
Stored POST data is also deleted when the session expires.
Default: 5 minutes
For an example of use, refer to POST data preservation.