Paul Clapham wrote: Anyway the first thing to do is to find out where that request came from and how the URL was generated there.
Therein lies the issue.
The request originates from Facebook.
This issue is happening in the servlet that is defined as the redirect_uri in our facebook oauth dialog. When a user successfully authenticates, facebook looks up the request_uri (my servlet), and issues a GET request.
The string with the '#' in it, is what is contained in the code=xxx key/value pair of the request. I need this code to then grab an access_token for subsequent Oauth calls.
Actually, *anything* after the '#' (uri fragment) is ignored by the request, even additional key/value pairs.
I'll try taking this up with FB directly if there's no easy workaround via
Tomcat and the HttpRequest object.
Thanks for the quick reply!