tomcat-users mailing list archives

From "Thom Park" <tp...@borland.com>
Subject Re: bug in getUserPrincipal()?
Date Mon, 18 Dec 2000 22:23:06 GMT
Hi Mark,

    I was using IE(5.5) -  I started up a fresh session from the icon on the
desktop for each test.
    I also repeated the test using Netscape 4.7 and saw the same behaviour.

 I noticed that in  org.apache.tomcat.core.RequestImpl.getUserPrincipal() that
there's a test that goes something like:

    if ( principal == null ) {
        principal = new SimplePrincipal( getRemoteUser());
    }

What happens if the principal isn't null and we have a different user logged in?

I'll be honest and say that my knowledge of what the relationship between the
RequestImpl object and the session
is somewhat clouded but I would have thought that I wouldn't be seeing this
behavior here.

Any ideas what I could have got wrong configuration-wise?

-Thom

p.s. did anyone take a look at that 'bug in security-role-ref' posting I sent
out? I need to verify with the
tomcat-elders that the change I proposed made sense prior to patching my copy of
tomcat, or
whether I'm making a damn fool of myself ;-)

-T>



"Palumbo, Mark" wrote:

> How did you "open" the second browser?  Did you ask your browser to spawn a
> new browser window, or did you open a new one via an icon, system menu,
> command line, etc.?
>
> If you ask an IE browser to open a new window, the two "browsers" will share
> the same cookie so tomcat will think they are the same user...
>
> > -----Original Message-----
> > From: Thom Park [mailto:tpark@borland.com]
> > Sent: Monday, December 18, 2000 4:58 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: bug in getUserPrincipal()?
> >
> >
> > Dear All,
> >
> > I'm seeing some odd behavior from getUserPrincipal(). I have a simple
> > servlet that calls:
> >
> > getRemoteUser(), getUserPrincipal() and isUserInRole().
> >
> > I've set up an appropriate web.xml and all is well until I access the
> > same servlet from two web-browsers on the same machine.
> >
> > In the first  browser, I login as user test1, in the second browser I
> > log in as user tomcat.
> >
> > In the first (correct) case, I see that the user is 'test1', the
> > principal is 'test1' and the user is in role.
> > In the second case, I see that the user is 'tomcat', but the principal
> > is still 'test1'.
> >
> > It seems to me that this is a bug (but I could be misconfiguring/using
> > something wrong)..
> >
> > Has anyone seen this behavior / can explain it such that I can
> > understand this - am I misunderstanding the
> > relationship between running servlets and connected clients?
> >
> >
> >

