tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jon Wingfield <>
Subject Re: request.getRemoteUser() is NULL
Date Tue, 20 Jan 2004 10:42:01 GMT
If FORM authentication only works after encoding the url then the 
browser is probably rejecting the cookie (JSessionId) that is normally 
used to maintain a session.
If this is the case then every link should also be encoded.
Actually, this is good practise anyway (encodeURL does nothing if 
cookies ARE being used to maintain state).
If tomcat can't use cookies and the url isn't encoded there is no way 
for session info to be retained between requests and a new 
(unauthenticated) session is started. This seems to be what you see when 
you hit test2.jsp.



Søren Blidorf wrote:
> I have made a new installation of Tomcat 4.1.29 on my new DELL laptop
> running 
> XP.
> I have copied the project to the new laptop and try set it up to work as
> on my 
> work machine.
> I am not able to get the login to work. I am using the
> <security-constraint> in 
> my web.xml.
> At first I could not get the FORM login to work only BASIC. Then I
> changed the 
> FORM action to <%= response.encodeURL("j_security_check") %>, and I was
> able 
> use FORM login.
> The next problem is that the auth is only accepted for the page that
> activated 
> the FORM page. For example <url-pattern>/public/*</url-pattern> contains
> test.jsp and test2.jsp and when I link to test.jsp the FORM page is
> called. 
> When succesfully logged in the request.getRemoteUser() is correct. But
> when I 
> then link from there to test2.jsp the request.getRemoteUser() is NULL
> and the 
> FORM page is called again.
> If you have any ideas that will get me in the right direction, please
> let me know.
> BR.
> Soren
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message