tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yansheng Lin" <yansheng....@silvacom.com>
Subject RE: request.getUserPrincipal();
Date Thu, 08 Apr 2004 14:40:16 GMT
Yes, you are looking at the right place.  Each request carries those information
from the client to the server.  But those information has to be stored in a
session that's asociated with the client somehow once they log in, otherwise how
would you know which client it is for a particular request.  

-Yan

-----Original Message-----
From: Winter, G (Graeme) [mailto:G.Winter@dl.ac.uk] 
Sent: Thursday, April 08, 2004 1:03 AM
To: 'Tomcat Users List'
Subject: RE: request.getUserPrincipal();


Hi,

I should probably clarify this. I have hacked the Tomcat 5
"RequestHeaderExample" servlet so that it prints out these values:

request.getAuthType();
request.getRemoteUser();
request.getUserPrincipal();

*but* they all print NULL. Even on the first "call" - no sessions involved
(at least, I didn't *think* there re any sessions involved!) I have
definately logged in, because Mozilla asked me if I would accept the
server's certificate, and also asked me for the password to my private
certificate store, and I set clientAuth="true" - so should be OK all round.

Am I looking in the wrong place? I'm looking at the request object for info
here...

(probability > 0.9 this is the case)

Cheers,

Graeme

-----Original Message-----
From: Yansheng Lin [mailto:yansheng.lin@silvacom.com]
Sent: 07 April 2004 21:26
To: 'Tomcat Users List'
Subject: RE: request.getUserPrincipal();


Hi, how often do you invalidate your sessions?  It's hard to imagine your
application would expire a user's session right after he logs in.  But take
a
look at the request header to see if the subsequent session ids are the same
as
the first one.  Other than that, without more specific info on how you
implemented the authentication, it's hard to figure out what's going on:).

-Yan


-----Original Message-----
From: Winter, G (Graeme) [mailto:G.Winter@dl.ac.uk] 
Sent: Wednesday, April 07, 2004 7:46 AM
To: 'Tomcat Users List'
Subject: request.getUserPrincipal();


Hi All,

I am trying to perform client authentication using certificates, and I have
made some progress - the certificates are now accepted as OK, which is nice.
Obviously I am using https too...

However, the sting is that the methods

request.getAuthType();
request.getRemoteUser();
request.getUserPrincipal();

All return NULL, which is contrary to the documentation, since I know the
user (i.e. me) has authenticated. clientAuth="true" in server.xml.

Anyone else out there had this problem, and more to the point found a
solution?

Cheers,

Graeme

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message