tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Strauß <t.stra...@srs-management.de>
Subject FormAuthentication Valve changes fail with RequestListeners?
Date Thu, 29 Mar 2012 16:29:15 GMT
Hi,

 

we have a web application using the FormAuthentication with Tomcat 7.0.11. 

 

The application provides it’s own realm, that is valid for the whole server
(configured in server.xml). The realm is based on datasource realm.

 

The application provides request listeners that rely on the
request.getPrincipal() method to obtain the logged on user. 

 

The request listener authenticates a service framework with the principal
from the request.

 

Tomcat 7.0.11 as stated above works with this design.

 

In Tomcat 7.0.26 this approach fails, because the requestlistener can no
longer obtain the principal using request.getPrincipal(). The call returns
null. A webpage (jsp) called after the listener as target of the request can
obtain the principal from the request as expected.

 

No configuration changes have been applied between 7.0.11 and 7.0.26.

 

Additionally we have experimented with various valve options, but did not
succeed.

 

We cannot explain this behavior and think it is a bug in Tomcat. 

 

Any help appreciated, as currently we cannot upgrade Tomcat due to this
issue.

 

Kind regards,

Thomas Strauß

SRS PaperDynamix® 
WE MAKE PAPER WORK

 

SRS-Management GmbH 
Berliner Ring 93

64625 Bensheim 
T +49 6251 85 424 - 20 
F +49 6251 85 424 - 14
M +49 174 2110912

 

 <http://www.srs-management.de> www.srs-management.de

 <http://www.srs-paperdynamix.de> www.srs-paperdynamix.de

 

HRB 25262 AG Darmstadt
Geschäftsführer: Detlev Homilius, Thomas Strauß

 

 


Mime
View raw message