tomcat-users mailing list archives

From seb_esp <seb_...@hotpop.com>
Subject Re: getUserPrincipal() returning null after authenticated
Date Wed, 28 May 2003 20:04:10 GMT
That's the expected behavior. It's in Sun's Servlet spec., don't remember exactly where...

The user will be null if you are in an unprotected resource, EVEN if you are authenticated.

Regards,

Brian K Bonner wrote:
> Hello,
> 
> I'm seeing something weird with 4.1.24.  If I access an unprotected 
> resource after I am authenticated, I receive null from getUserPrincipal(). 
>  I am using the Coyote Http 1.1 connector, although I've tried it with the 
> old catalina Http 1.1 connector.
> 
> Here's the test case:
> 1) access the  unprotected servlet first you'll see "testing unprotected 
> servlet.  user is null"    using either: 
> http://localhost:8083/testing/unprotected   or 
> http://localhost:8080/testing/unprotected
> 2) access the protected servlet, you'll be challenged with the basic auth 
> dialog and then see:  "testing protected servlet.  user is 
> GenericPrincipal[tomcat]"   using either: 
> http://localhost:8083/testing/protected   or 
> http://localhost:8080/testing/protected
> 3) access the unprotected servlet, I still see:  "testing unprotected 
> servlet.  user is null"  access it the same as in #1
> 
> This should return the same as #2, but it doesn't.  Can someone explain 
> why? And how can I work around this problem?   I've been searching on the 
> web, but www.mail-archive appears to be down.
> 
> Brian
> 
> 
> 
> Using Tomcat 4.1.24 standalone with the memory realm.
> 
> Here's my abbreviated conf/tomcat-users.xml:
> <?xml version='1.0' encoding='utf-8'?>
> <tomcat-users>
>   <role rolename="editor"/>
>   <user username="tomcat" password="tomcat" roles="editor"/>
> </tomcat-users>
> 
> The get methods of my two servlets  (protected and unprotected)
> 
> unprotected servlet's doGet:
> 
>        PrintWriter out = res.getWriter();
>        out.println("testing unprotected servlet");
>        out.print("user is ");
>        Principal p = req.getUserPrincipal();
>        out.print(p);
> 
> protected servlet's doGet:
> 
>        PrintWriter out = res.getWriter();
>        out.println("testing protected servlet");
>        out.print("user is ");
>        Principal p = req.getUserPrincipal();
>        out.print(p);
>  
> Here's my web.xml file:
> 
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>         "http://java.sun.com/dtd/web-app_2_3.dtd">
> <web-app>
>         <display-name>testing</display-name>
>         <description>Test Unsecured Pages App</description>
>         <servlet>
>                 <servlet-name>protected</servlet-name>
>                 <servlet-class>com.paraware.test.TestServlet</servlet-class>
>         </servlet>
>         <servlet>
>                 <servlet-name>unprotected</servlet-name>
>                 <servlet-class>com.paraware.test.TestServlet2</servlet-class>
>         </servlet>
>         <servlet-mapping>
>                 <servlet-name>protected</servlet-name>
>                 <url-pattern>/protected</url-pattern>
>         </servlet-mapping>
>         <servlet-mapping>
>                 <servlet-name>unprotected</servlet-name>
>                 <url-pattern>/unprotected</url-pattern>
>         </servlet-mapping>
>         <security-constraint>
>                 <web-resource-collection>
>                         <web-resource-name>Secure Servlets</web-resource-name>
>                         <description>Files secured for testing</description>
>                         <url-pattern>/protected</url-pattern>
>                         <http-method>GET</http-method>
>                         <http-method>POST</http-method>
>                 </web-resource-collection>
>                 <auth-constraint>
>                         <description>Editors</description>
>                         <role-name>editor</role-name>
>                 </auth-constraint>
>         </security-constraint>
>         <login-config>
>                 <auth-method>BASIC</auth-method>
>         </login-config>
>         <security-role>
>                 <description>Page Editors</description>
>                 <role-name>editor</role-name>
>         </security-role>
> </web-app>
> 
> 
> 
> And from the server.xml:
> 
>     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>                port="8080" minProcessors="5" maxProcessors="75"
>                enableLookups="true" redirectPort="8443"
>                acceptCount="100" debug="4" connectionTimeout="20000"
>                useURIValidationHack="false" disableUploadTimeout="true" />
> 
> 
>     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>                port="8009" minProcessors="5" maxProcessors="75"
>                enableLookups="true" redirectPort="8443"
>                acceptCount="10" debug="0" connectionTimeout="0"
>                useURIValidationHack="false"
>                protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
> 
>     <Connector className="org.apache.catalina.connector.http.HttpConnector"
>                port="8083" minProcessors="5" maxProcessors="75"
>                enableLookups="true" redirectPort="8443"
>                acceptCount="10" debug="0" />
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 

