tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Return from getRemoteUser and isUserInRole Inconsistent
Date Mon, 25 Jan 2010 22:37:30 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Doug,

On 1/25/2010 4:59 PM, Fulford, William wrote:
> Attached are the relevant sections from the server.xml and web.xml,
> respectively.

This mailing list often strips attachments. Could you copy/paste
relevant sections into your next post? It's important to know what
authentication you are using and what the security constraints look
like. It would also be nice to see a few examples of URLs that your web
pages are trying to access.

> I'm using DWR to call Java methods in HttpServletInfo (a class I
> wrote) from a JavaScript using ExtJs:
> 
> ...
> 
> HttpServletInfo.getRemoteUser(function(user) { ... };
> 
> ...
> 
> HttpServletInfo.isUserInRole("tgirs", function(isInRole) { ... };
> 
> ...

The above doesn't have any information that's really useful to me, at
least not now. :(

> These are called every time my page is loaded (Ext.onReady).
> 
> I've tried with or without restarting Firefox, with or without
> restarting Tomcat, and via <ctrl>-<shift> Reload (Reload that clears
> private data).  The only consistency is that, after restarting
> Tomcat, the user name is returned, and isInRole is false.  Otherwise
> the results are inconsistent.

So, the function HttpServletInfo.getRemoteUser above returns
inconsistent results, or HttpServletRequest.getRemoteUser returns
inconsistent results?

...and if you just sit on the same page, repeatedly reloading the page,
HttpServletRequest.getRemoteUser and HttpServletRequest.isUserInRole
(for the same value every time) return essentially random results?

If it's the functions above that return random stuff, I'd look at those.
If it's Tomcat's implementation of those methods that appears to be
broken, then we'd have a lot of users out there storming the castle with
torches and pitchforks.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkteHSoACgkQ9CaO5/Lv0PBATQCeP4jBBqXuMOA18ePdejyUbcqR
N28AoJcWuvnpAJYCK2V7zhmz7iRSYaeI
=w7CV
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message