DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=12428>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=12428
request.getUserPrincipal(): Misinterpretation of specification?
------- Additional Comments From ephemeris.lappis@tiscali.fr 2004-06-15 18:21 -------
I've been reading again the servlet 2.3 specification, and, actually, i don't
see in it anything that give the opposite position, ie always return the
principal when one has been authenticated, when the requested url is protected
or not. Further, Tomcat 4 behaves as expected (i mean, i expect), which is, i
think, the 2.3 implementation. What about the 2.4 version, which is the base
for the new Tomcat 5 ?...
More, what about the 'isUserInRole' ? Does it follow the same rule ? How a
simple menu page could take decision according to identity or roles of the
authenticated user, and show or hide links for example, even if this page
itself is not protected ?
Thanks for your precisions.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
|