tomcat-users mailing list archives

From Thomas Strauß <>
Subject FormAuthentication Valve changes fail with RequestListeners?
Date Thu, 29 Mar 2012 16:35:37 GMT
Resending the message because of problems with my digital signature.


We have a web application using the FormAuthentication with Tomcat 7.0.11.

The application provides its own realm, that is valid for the whole server (configured in
server.xml). The realm is based on datasource realm.

The application provides request listeners that rely on the request.getPrincipal() method
to obtain the logged on user.

The request listener authenticates a service framework with the principal from the request.

Tomcat 7.0.11 as stated above works with this design.

In Tomcat 7.0.26 this approach fails, because the request listener can no longer obtain the
principal using request.getPrincipal(). The call returns null. A webpage (jsp) called after
the listener as target of the request can obtain the principal from the request as expected.

No configuration changes have been applied between 7.0.11 and 7.0.26.

Additionally we have experimented with various valve options, but did not succeed.

We cannot explain this behavior and think it is a bug in Tomcat.

Any help appreciated, as currently we cannot upgrade Tomcat due to this issue.

Kind regards,

Thomas Strauß

SRS PaperDynamix®

SRS-Management GmbH
Berliner Ring 93

64625 Bensheim
T +49 6251 85 424 - 20
F +49 6251 85 424 - 14
M +49 174 2110912

HRB 25262 AG Darmstadt
Geschäftsführer: Detlev Homilius, Thomas Strauß
