tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: How to serialize user principal
Date Mon, 13 Sep 2010 19:20:13 GMT
Hash: SHA1


(Note the change in spelling of "principal". Principle is a notion or
laws or morals.)

On 9/13/2010 2:37 PM, Mohammad M. AbuZer wrote:
> I'm using tomcat 7.0.2 BETA, I used JDBCRealm, and I think it uses by
> default GenericPrinciple at org.apache.catalina.realm, which do not
> implement Serializable interface,

Note that the Principal itself is not stored as a session attribute, and
is therefore not "serialized" in the way you are thinking. Tomcat should
be able to persist the user's session information across a Tomcat
restart. I happen to witness that capability several times per day
personally (though in Tomcat 5.5 and 6.0, not 7.0).

Also, note that JDBCRealm has long bees associated with poor performance
due to it's use of a single Connection object for all authentication.
Consider using DataSourceRealm along with a connection pool instead.

Are you getting any errors in your log files? Usually, when a user's
session seems to expire "during" a Tomcat restart, it's because the
session itself is not serializable due to an object that application
code has carelessly inserted into the session. That usually emits an
error during session saving or re-loading.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message