tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Delbecq <>
Subject Re: Problems with JAAS-Realm
Date Fri, 21 Sep 2007 08:31:09 GMT
En l'instant précis du 21/09/07 10:09, Franck Borel s'exprimait en ces
>  public SecurityConstraint[] findSecurityConstraints(Request request,
> Context context) {
>         HttpServletRequest req = request;    // catch Request
>         session = req.getSession();          // catch session
>         ipAddress = req.getRemoteAddr();
> The problem:
> In a first try this seems to work. But if more then one client try to
> use the authentication, it catches the last IP address of the user who
> makes a request and not the IP address of the current client I like to
> authenticate:
> So, the req.getRemoteAddr() seems to catch the information outside of
> the current thread and I don't know why. Have someone an idea?
req.getRemoteAddres() will get the address of that specific request,
it's isolated from other simultaneous request, or lots of people would
start getting problems using it. I would be more enclined to take a look
at where you are defining the session and ipAddress properties, it looks
like they are class or instance level, where it's mandatory that Realm
be ThreadSafe and stateless.


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message