tomcat-users mailing list archives

From Kazuhito SUGURI <>
Subject Re: Cactus Authentication problem with Tomcat > 5.5.20
Date Fri, 28 Sep 2007 11:39:40 GMT
Hi Nicolas,

I believe I have successfully reproduced your problem
in my environment.

In article <>,
Mon, 24 Sep 2007 12:47:27 +0000 (UTC),
Nicolas Clemeur <> wrote: 
nclemeur> I am having some difficulties setting up Cactus tests using
nclemeur> Tomcat > 5.5.20 (everything works fine with 5.5.20).
nclemeur> I am using form authentication in Cactus tests (as described
nclemeur> on the Cactus web site). When I look at the generated request,
nclemeur> I get the authentication layer called with all the parameters
nclemeur> needed for the test (service name, class,...), but when the
nclemeur> request for the actual test is generated it is missing all the
nclemeur> parameters to run the test. So I am suspecting something must
nclemeur> have changed in Tomcat (nothing has changed in the Cactus
nclemeur> environment) in the way the authentication calls are handled
nclemeur> in Tomcat post 5.5.20 (I have tried 5.5.23 and 5.5.25).

I reviewed the differences between the source code of Tomcat
versions 5.5.20 and 5.5.23.
My understanding at this moment is as follows:
	It seems the behavior of Tomcat has been changed so that
	the request just after the authentication (i.e. j_security_check)
	would be replaced by the cached request which gave rise to
	the authentication.

	The FormAuthentication class of Cactus sends a request
	without parameters for authentication (i.e. to obtain
	a JSESSIONID which is associated with the user principal).
	Tomcat caches the request and would replace the next request
	(just after the authentication) internally by the cached one,
	even if the client side of Cactus sent the request with
	parameters to run the test. Then, the ServletRedirectorSecure
	receives the cached request without parameters,
	which causes an error.

As the behavior cannot be controlled by any configuration of Tomcat,
Cactus should be changed to adapt.

I have modified the FormAuthentication class so that
the form authentication would work with both Tomcat 5.5.20
and 5.5.23.

I'll post the (dirty ;-<) code later.
Kazuhito SUGURI
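
The request caching described in the message above, as a simplified model added here for illustration; it is not Tomcat or Cactus code and not the modification the author mentions. The class and method names, the `/app` context path and the test parameter names are assumptions; comparing the two runs shows that the servlet only receives the test parameters when the request that triggered authentication already carried them.

```java
import java.util.Map;

// Simplified model of the flow described in the message above.
// Not Tomcat or Cactus code; all names here are hypothetical. Needs Java 16+.
public class SavedRequestDemo {
    record Request(String uri, Map<String, String> params) {}

    static class Session {
        Request saved;          // request that triggered authentication
        boolean authenticated;
        boolean restorePending; // true until the first request after login
    }

    // Returns the request the protected servlet sees, or null when the
    // container answers by itself (login form or post-login redirect).
    static Request handle(Session s, Request in) {
        if (in.uri().endsWith("/j_security_check")) {
            s.authenticated = true;              // credentials assumed valid
            s.restorePending = (s.saved != null);
            return null;
        }
        if (!s.authenticated) {
            s.saved = in;                        // cache the triggering request
            return null;
        }
        if (s.restorePending) {
            s.restorePending = false;
            return s.saved;                      // cached request replaces 'in'
        }
        return in;
    }

    // Runs trigger -> login -> test; returns the parameters the servlet receives.
    static Map<String, String> run(Request trigger, Request test) {
        Session s = new Session();
        handle(s, trigger);
        handle(s, new Request("/app/j_security_check",
                Map.of("j_username", "tester", "j_password", "constructed")));
        return handle(s, test).params();
    }

    public static void main(String[] args) {
        String uri = "/app/ServletRedirectorSecure";
        // Constructed parameter names and values, for illustration only.
        Map<String, String> testParams =
                Map.of("testClass", "SampleTest", "testMethod", "testLogin");
        Request bare = new Request(uri, Map.of());
        Request full = new Request(uri, testParams);
        System.out.println("bare trigger -> servlet sees " + run(bare, full));
        System.out.println("full trigger -> servlet sees " + run(full, full));
    }
}
```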
