Message-ID: <39100347.9299031F@consultants.co.nz>
Date: Wed, 03 May 2000 11:45:27 +0100
From: David Thexton
To: "tomcat-dev@jakarta.apache.org"
Subject: Broken req.getUserPrincipal().getName() with form based authentication?

When using form-based authentication the user principal appears not to be properly assigned. As far as I can make out from the specs it should be.

The work unencoding the response appears to have already been done in the SecurityCheck class and so the easiest way would seem to be to return that response. The code currently repeats the section for basic authentication from SecurityCheck only.

I may well be wrong... Please let me know if I am.

And am I correct in assuming the form login error page doesn't work yet?
If so, is it something likely to be easy to fix or will someone else fix it soon :) Regards, David Thexton. Index: src/share/org/apache/tomcat/core/SimpleRequestSecurityProviderImpl.java =================================================================== RCS file: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/core/SimpleRequestSecurityProviderImpl.java,v retrieving revision 1.1 diff -r1.1 SimpleRequestSecurityProviderImpl.java 149,154c149 < Principal principal = null; < String remoteUser = getUserName(req); < if (remoteUser != null) { < principal = new SimplePrincipal(remoteUser); < } < return principal; --- > return new SimplePrincipal(getUserName(req)); 178,188c173 < String userName = null; < String authorization = req.getHeader("Authorization"); < if (authorization != null && authorization.startsWith("Basic ")) { < authorization = authorization.substring(6).trim(); < String unencoded = base64Decode(authorization); < int colon = unencoded.indexOf(':'); < if (colon > 0) { < userName = unencoded.substring(0, colon); < } < } < return userName; --- > return req.getRemoteUser();
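Review bot: In the first hunk (149,154c149) the new line `return new SimplePrincipal(getUserName(req));` drops the null guard that the removed lines had. When getUserName(req) returns null, which the old code explicitly allowed for, the caller now receives a non-null SimplePrincipal wrapping a null name instead of a null principal. Any code that treats a non-null principal as proof of an authenticated user would then misjudge anonymous requests, and getName() on the result yields null. Suggest keeping the guard: fetch the name once, return null when it is null, and only otherwise construct the SimplePrincipal.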
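Review bot: In the second hunk (178,188c173) getUserName is reduced to `return req.getRemoteUser();`, so the method now depends entirely on the remote user having been set on the request before this provider is consulted, and nothing in the change documents that dependency. Please add a comment naming where the value is populated (the mail says SecurityCheck) for both basic and form logins, and confirm that req.getRemoteUser() does not itself delegate back to this provider's getUserName, since that would recurse. With the local parsing of the Authorization header removed, a request that bypasses that earlier step silently gets a null user here, so a test covering an unauthenticated request would be worth adding alongside the form-login case.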