tomcat-users mailing list archives

From "Filip Hanik" <m...@filip.net>
Subject RE: JDBCrealm drops user after manager reload
Date Tue, 01 Apr 2003 18:43:04 GMT
I believe that during restart of a context, all sessions get serialized to
disk, but the serialization does not serialize the principal. You can try to file
a bug for this, but I might be afraid that it may get shut down because of
security concerns.

Filip

> -----Original Message-----
> From: Dan Allen [mailto:dan@mojavelinux.com]
> Sent: Tuesday, April 01, 2003 10:32 AM
> To: tomcat-user@jakarta.apache.org
> Cc: max@maxcooper.com
> Subject: JDBCrealm drops user after manager reload
>
>
> I am having a fairly painful problem here dealing with
> authentication using the JDBCRealm and container managed security.
> In particular I am using securityfilter, but I seriously doubt that
> this problem involves that application directly.
>
> If I use the default SecurityRealm that comes with the security
> filter application, which just manually sets the userInRole and
> getRemoteUser information, I can reload the context over and over
> and never drop the user.  When I use JDBCRealm to handle users in a
> database and I reload the context after logging in, all the active
> sessions lose their security principals and roles.  The thing is,
> all the session data is still there, working as normal.  I get no
> messages in the log files regarding a failure of any kind.
>
> In short:
>
> Why does a context reload kill the user principal information and
> how can I fix it?
>
> To duplicate:
>
> Grab securityfilter from securityfilter.sourceforge.net.  Log in out
> of the box, reload the context and view the securePage.jsp again.
> No problem.  Now, change the realm to JDBCRealm, log in, reload
> the context and visit the securePage.jsp...aha, now it says you are
> not logged in and takes you to the login page.
>
> Dan
>
> --
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Daniel Allen, <dan@mojavelinux.com>
> http://www.mojavelinux.com/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> "This is a test of the Emergency Broadcast System.  If this had
> been an actual emergency, do you really think we'd stick around
> to tell you?"
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
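
A model of the behaviour discussed in this thread, as an added example that is not part of either message and is not Tomcat's code. ModelSession, reload and authorize are hypothetical names, and the transient principal field is an assumption standing in for the serialization behaviour described in the reply; the sample values are constructed.

```java
import java.io.*;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;

public class ReloadPrincipalDemo {

    // Hypothetical stand-in for a container session; not Tomcat's class.
    static class ModelSession implements Serializable {
        private static final long serialVersionUID = 1L;
        final Map<String, Serializable> attributes = new HashMap<>();
        // Assumption: identity is kept out of the bytes written to disk.
        transient Principal principal;
    }

    // Simulates a context reload: the session is written out, then read back.
    static ModelSession reload(ModelSession s) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(s);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            return (ModelSession) in.readObject();
        }
    }

    // Fail closed: a restored session without a principal has to log in again.
    static String authorize(ModelSession s) {
        return s.principal == null ? "redirect:/login" : "allow:" + s.principal.getName();
    }

    public static void main(String[] args) throws Exception {
        ModelSession s = new ModelSession();
        s.attributes.put("cart", "3 items");   // constructed sample data
        s.principal = () -> "dan";              // constructed sample user
        System.out.println("before reload: " + authorize(s));

        ModelSession restored = reload(s);
        System.out.println("attributes kept: " + restored.attributes);
        System.out.println("after reload:  " + authorize(restored));
    }
}
```

The session attributes survive the round trip while the principal comes back null, which matches the symptom in the original report: session data intact, user sent back to the login page.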

