tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 12428] request.getUserPrincipal(): Misinterpretation of specification?
Date Fri, 01 Apr 2011 21:07:22 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=12428

--- Comment #30 from Christopher Schultz <chris@christopherschultz.net> 2011-04-01 17:07:10
EDT ---
Fascinating reading. My question would be: why does anyone want to have a
resource that doesn't need authentication (no security-constraint) but then
checks the authentication status, anyway (calls getPrincipal, isUserInRole,
etc.)?

If this "bug" was really ruining anyone's day, isn't it a simple matter of
providing an aliased URL to the same resource that /is/ protected by a
security-constrains and always sending authenticated users to /that/ URL
instead?

Glad the 9-year saga is over...

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message