tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 12428] request.getUserPrincipal(): Misinterpretation of specification?
Date Thu, 16 Dec 2010 19:00:31 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=12428

Mark Thomas <markt@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #23 from Mark Thomas <markt@apache.org> 2010-12-16 14:00:15 EST ---
Having looked at this further, there is no need for a patch. Tomcat has the
necessary functionality to do this. You just need to ensure that a) the
application is using sessions and b) that the authenticators are configured to
cache the authenticated Principal in the session.

A recent enhancement to Tomcat 7 (the alwaysUseSession attribute) will make
this even easier. On earlier versions, ensure a session exists before the
authentication takes place. Depending on circumstances that might require a
valve.

Marking this as WONTFIX since the patch isn't going to be applied.

The other advantage of this approach is that the handling of failed unprompted
authentications does not need to be considered. There were issues with
complying with RFC2617 with that approach and it couldn't possibly work with
DIGEST auth.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
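
An added example, not part of the Bugzilla comment above and not code from the Tomcat project: one way to write the kind of valve the comment mentions for versions without alwaysUseSession, so that a session already exists when the authenticator runs and can cache the Principal. The class name, package and the context.xml fragment in the comment are hypothetical, and the sketch assumes valves in a Context run in the order they are declared.

```java
package com.example; // hypothetical package, not part of Tomcat

import java.io.IOException;

import javax.servlet.ServletException;

import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

/**
 * Creates an HTTP session, if none exists yet, before the request reaches
 * the authenticator valve. With the authenticator's "cache" attribute
 * enabled, the authenticated Principal is then stored in that session and
 * is available on later requests in the same session.
 *
 * Assumed registration in the web application's META-INF/context.xml,
 * with this valve declared before the authenticator:
 *
 *   <Context>
 *     <Valve className="com.example.EnsureSessionValve" />
 *     <Valve className="org.apache.catalina.authenticator.BasicAuthenticator"
 *            cache="true" />
 *   </Context>
 *
 * On Tomcat 7 builds that have the alwaysUseSession attribute, setting
 * alwaysUseSession="true" on the authenticator valve replaces this class.
 */
public class EnsureSessionValve extends ValveBase {

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        // getSession(true) returns the existing session or creates one, so
        // the authenticator further down the pipeline always finds a
        // session in which to cache the Principal.
        request.getSession(true);

        // Hand the request on to the next valve (the authenticator).
        getNext().invoke(request, response);
    }
}
```

This valve creates a session for every request, including unauthenticated ones, so the session timeout should be set with that extra load in mind.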

