tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 12428] - request.getUserPrincipal(): Misinterpretation of specification?
Date Tue, 15 Jun 2004 18:21:19 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=12428>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=12428

request.getUserPrincipal(): Misinterpretation of specification?





------- Additional Comments From ephemeris.lappis@tiscali.fr  2004-06-15 18:21 -------
I've been reading again the servlet 2.3 specification, and, actually, i don't 
see in it anything that give the opposite position, ie always return the 
principal when one has been authenticated, when the requested url is protected 
or not. Further, Tomcat 4 behaves as expected (i mean, i expect), which is, i 
think, the 2.3 implementation. What about the 2.4 version, which is the base 
for the new Tomcat 5 ?...

More, what about the 'isUserInRole' ? Does it follow the same rule ? How a 
simple menu page could take decision according to identity or roles of the 
authenticated user, and show or hide links for example, even if this page 
itself is not protected ?

Thanks for your precisions.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message