tomcat-users mailing list archives

From jfc <jfc...@btopenworld.com>
Subject Re: tomcat4 + declarative security
Date Thu, 22 Aug 2002 13:11:38 GMT
Andreas Mohrig wrote:

>I'm using Tomcat/4.0.4 with Apache 1.3.26 (mod_jk) on SuSE Linux 7.3
>(without JBoss or struts). 
>
>Do you really get responses with the same session-id, but different results
>of getRemoteUser()?
>
>Andreas Mohrig
>-----Original Message-----
>From: jfc [mailto:jfc100@btopenworld.com]
>Sent: Wednesday, August 21, 2002 7:15 PM
>To: Tomcat Users List
>Subject: Re: tomcat4 + declarative security
>
>
>Andreas Mohrig wrote:
>
>>The answers are "yes" and "yes". You can determine the user's
>>"logged-in-ness" with a call to "request.getRemoteUser()", which should
>>return "null" if he is not and his name (login) otherwise. This should
>>always be the case, regardless of the currently requested resource having a
>>security-constraint or not, but of course a login will only be demanded if
>>it has such a constraint.
>>
>>If you experience different behaviour, I will surely be interested to learn
>>about it.
>>
>>Andreas Mohrig
>>-----Original Message-----
>>From: jfc [mailto:jfc100@btopenworld.com]
>>Sent: Wednesday, August 21, 2002 1:26 PM
>>To: tomcat-user@jakarta.apache.org
>>Subject: tomcat4 + declarative security
>>
>>
>>Hi,
>>
>>I have two questions regarding declarative security (I use
>>JBoss2.4.x+Tomcat4.0 + struts1.1, on suse linux7.2):
>>
>>1.    Is tomcat 4 supposed to be able to distinguish previously 
>>authenticated users from unauthenticated users?
>>
>>   I assumed the answer to this question is yes because otherwise the 
>>user would have to undergo the entire authentication process repeatedly 
>>for each request that he submits within a single session.
>>
>>2.    Is tomcat 4 supposed to be able to do the above (i.e. remember a 
>>user's logged-in-ness) regardless of whether his current request was to 
>>a secured resource? (again assume requests are within the same session).
>>
>>cheers
>>jfc
>>
>>
>>--
>>To unsubscribe, e-mail:
>><mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>>For additional commands, e-mail:
>><mailto:tomcat-user-help@jakarta.apache.org>
>>
>Right, well I have a situation where point 2 is not working. If I roll 
>my versions back to bundle jb243+tc40, I get the predicted behaviour of 
>which you speak.
>
>What version/s are you using?
>
>jfc
>
>
The answer is yes.

Can I email you my tomcat 'demo-auth-prob' war file? (which utilizes 
users.properties and roles.properties - so it shows the problem without 
referring to jboss). If you need the src, I can email it too.


jfc
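
Added example, not part of the original message and not Tomcat's own code: a servlet filter that makes the behaviour discussed in this thread observable, by logging whenever a session that earlier reported a user from `getRemoteUser()` later reports `null` or a different user. The class name, session attribute key and log labels are assumptions; only the standard `javax.servlet` Filter API is used.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical diagnostic filter. Map it to /* in web.xml so it sees
// requests to secured and unsecured resources alike.
public class RemoteUserTraceFilter implements Filter {
    private static final String SEEN_USER = "trace.lastRemoteUser"; // assumed key
    private ServletContext ctx;

    public void init(FilterConfig config) throws ServletException {
        ctx = config.getServletContext();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            HttpSession session = http.getSession(false); // never create a session here
            String user = http.getRemoteUser();           // null when not authenticated
            if (session != null) {
                String previous = (String) session.getAttribute(SEEN_USER);
                String where = " session=" + shortId(session.getId())
                        + " uri=" + http.getRequestURI();
                if (user == null && previous != null) {
                    // Same session was authenticated earlier, now reports no user.
                    ctx.log("AUTH-LOST previousUser=" + previous + where);
                } else if (user != null && !user.equals(previous)) {
                    if (previous != null) {
                        ctx.log("AUTH-CHANGED from=" + previous + " to=" + user + where);
                    }
                    session.setAttribute(SEEN_USER, user); // remember the last user seen
                }
            }
        }
        chain.doFilter(req, res);
    }

    // Log only a prefix so the log cannot be used to replay a session id.
    private static String shortId(String id) {
        return id.substring(0, Math.min(8, id.length()));
    }

    public void destroy() { }
}
```

An `AUTH-LOST` line for a request to an unsecured resource is the condition described under point 2 of the original question.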


