tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Cain <>
Subject Re: Remaining Tomcat 3.3 Issues
Date Wed, 12 Sep 2001 17:40:45 GMT

Larry Isaacs wrote:
> I would like to have the "tomcatAuthentication" hack
> available in Ajp13 so this behavior is fully controllable.
> Also, I'm also leaning toward having a default of "true".
> To get the "security" example working when using Apache,
> or other web server, users would have to discover the user
> names and passwords provided by default.  I prefer this
> over requiring they add their own user name(s) and roles.


> Hopefully they would have the sense not to enter a *real*
> password in clear text, but who knows.

I think that might be hoping too much, which is why I agree with your 

> Larry
>>-----Original Message-----
>>From: Ignacio J. Ortega []
>>Sent: Wednesday, September 12, 2001 11:54 AM
>>To: ''
>>Subject: RE: Remaining Tomcat 3.3 Issues
>>>4. Address user authentication via Ajp12 and Ajp13.  Ajp12 
>>>has a test for
>>>isTomcatAuthentication() to see if req.setRemoteUser() should 
>>>be called.
>>>I think Ajp13 doesn't have this yet and probably should.  
>>Also, if the
>>>user is anonymous, i.e. user = "", should we call 
>>>with this value?  This prevents Tomcat's normal 
>>>authentication from being
>>I have this code prepared for commit, implementing the
>>tomcatAuthentication hack in ajp13.
>>But i've planned to change the hack only testing the received 
>>string for
>>emptyness and not calling setRemoteUser in the case, i think this will
>>render the tomcatAuthentication hack useless... 
>>But perhaps the better is as you say, honor IsTomcatAuthentication and
>>not calling setRemoteUser for the empty string case.. 
>>But i cannot think of a usecase in which were needed to 
>>obviate an auth
>>done in HTTP Server and honor another done in the Servlet container..
>>Saludos ,
>>Ignacio J. Ortega

- Christopher

  * Pleurez, pleurez, mes yeux, et fondez vous en eau!
  * La moitiƩ de ma vie a mis l'autre au tombeau.
  *    ---Corneille

View raw message