tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Do any of the Tomcat LDAP-type realms support "no password" authentication?
Date Fri, 02 Dec 2011 17:14:42 GMT

On 12/1/11 11:29 PM, ohaya@cox.net wrote:
> Also, BTW, I just did a test where, in the Apache httpd.conf, I 
> hard-coded REMOTE_USER header using RequestHeader.
> 
> In my sniffer, I can see the REMOTE_USER set to the hard-coded 
> string, but in my test JSP on Tomcat, getUserPrincipal() is 
> returning null.  I've tried this test with 'tomcatAuthentication' 
> attribute in server.xml set to both "true" and "false", with the
> same results :(...

That rings a bell. I seem to recall that if the resource isn't
protected by a <security-constraint> then getUserPrincipal will return
null during that request.

That may only be when Tomcat is doing its own authentication, though.
I suspect that if you (or the AJP connector) sets the principal in the
request, it's there regardless of the authentication settings of Tomcat.

-chris
