tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Janne Väänänen" <janne.vaana...@eventizer.com>
Subject javax.security.auth.subject disappears
Date Mon, 17 May 2004 09:11:51 GMT
Hi,

I'm running tomcat 5 with -security option and I'm using JAAS login module.
In the jsp pages in first request after I have identified my self Subject is null.
When I hit refresh (second request) Subject is correct subject with principals etc.
But after that in all requests Subject is empty, no principals etc.

I use follwing code to get Subject:
 AccessControlContext acc = AccessController.getContext();
 Subject sub = Subject.getSubject(acc);

I checked tomcat src code that it uses javax.security.auth.subject attribute to store Subject
in session.
CoyoteRequest.java

    public void setUserPrincipal(Principal principal) {

        if (System.getSecurityManager() != null){
            HttpSession session = getSession(false);
            if ( (subject != null) && 
                 (!subject.getPrincipals().contains(principal)) ){
                subject.getPrincipals().add(principal);         
            } else if (session != null &&
                        session.getAttribute(Globals.SUBJECT_ATTR) == null) {
                subject = new Subject();
                subject.getPrincipals().add(principal);         
            }
            if (session != null){
                session.setAttribute(Globals.SUBJECT_ATTR, subject);
            }
        } 

        this.userPrincipal = principal;
    }

I guess that session.getAttribute(Globals.SUBJECT_ATTR) is somehow null after second request..
Any ideas what is causing this and how can I fix it?



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message