tomcat-users mailing list archives

From FR <>
Subject How to figure out if a user is authenticated when using single sign on?
Date Tue, 22 Apr 2008 22:05:42 GMT

I recently attempted to upgrade our sites from Tomcat 5.5.17, and at
some point the behavior of request.getUserPrincipal() changed so it
now returns null for all URLs except those declared to require
authentication.  (Actually, it seems like the behavior was changed
long before 5.5.17, but regressed and then was fixed again).  That
completely sucks and seems completely contrary to what the servlet
javadoc implies, but whatever, deal with it or write my own container,
I guess.

The standard workaround mentioned is to place user information in
the session, but that won't work across webapps using Single Sign On.  I
have a bunch of webapps, only one of which is protected and requires
login, the rest work fine without logging in, but display different
information when the user is logged in.  This worked great when
getUserPrincipal returned a Principal on every URL after login, but I
can't figure out any way to do it now.  I can just pass the userid
around in every URL, but that seems... not good... and involves
changing a lot of links.

Is there any way of seeing if a user has been authenticated (and get
their username) that works across webapps?
