tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Franck Borel <>
Subject Loosing Session-ID with JAAS
Date Tue, 21 Feb 2006 11:53:17 GMT

I would like to forward error messages from the Login-Module (JAAS) to
my login-error.jsp site. To do this I create a own JAASRealm class that
override SecurityContraint method. In this method I placed a
this.request = request, so that I can use request.getSession.getID() and
request.getSession().setAttribute(<refname>, message) to forward the
message to the login-error.jsp site. I placed in the login-error.jsp
site <%= session.getAttribute(<refname>) %>.

Here are the first lines from my JAASRealm (I called it JAARSRealm):

public class JAARSRealm extends JAASRealm {
private Request request	= null;
private static final String ERRMSG = null;
public SecurityConstraint [] findSecurityConstraints(Request request,
Context context) {
  this.request = request;
  return super.findSecurityConstraints(request, context);

public void setErrorMsg(String message) {
  if(message.length() != 0){
	HttpSession session = request.getSession(true);
	session.setAttribute(ERRMSG, message);

So, now the problem:
My JAAS class is loosing the session after the validation of the current
user. Initially the session is there: If I log the request befor the
validation the session is appearing. But when I try to get the current
session after the validation in my setErrorMsg method sometimes I get
the session and sometimes not.
To make some more confusions: On my develope environment it works fine,
but not with all browsers. On the deployment environment it doesn't
work. I must makes two or more entries to get a error message.

So, is this a Tomcat bug (problem of timing)? Or are there some
configuration I must do (server.xml, web.xml) to make this work?


- Franck

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message