tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: FormAuthentication Valve changes fail with RequestListeners?
Date Fri, 30 Mar 2012 11:10:20 GMT
2012/3/30 Thomas Strauß <t.strauss@srs-management.de>:
> Hi,
>
> thank you for the information.
>
> We have not succeeded so far. I want to give you some more information what
> happens, the context.xml and the web.xml
>
> What we have changed versus the existing setup, working on 7.0.11
> - We have moved the login.jsp into the protection domain (was outside
> before). This did not remove the issue.
> - We have changed the preemptiveAuthentication setting. This did not remove
> the issue.
>
> This is the flow through the system that we can see:
>
> Client sends request to /portal
>
>        /portal is not protected
>        /portal/jsp/main.jsp is welcome page and protected (see web.xml)
>        portal context configures formauthentication on the protection
> domain
>        Tomcat redirects/forwards incoming call to /jsp/login.jsp (protected
> resource)
>
> FormAuthentication Valve is called
> Request Listener is called (expected: principal is null -> OK!)

What is stacktrace at this point inside the listener?
(e.g. (new Exception()).printStackTrace());

Maybe you can compare 7.0.26 and 7.0.11.


IIRC there was some refactoring with regards to where the valves are
placed and how listeners are called  In 7.0.22 changelog:

"Error handling and request listeners are now handled in the
StandardHostValve to ensure they wrap all Context level activity."

Maybe something was missed there.

> jsp/login.jsp is displayed, waiting for user
> User adds information, press submit
> Client sends request to j_security_check is initiated by browser with form
> data
>
> (something happens here?)
>
> Realm is called: Authentication succeeds, realm creates principal
>        Realm provides its own implementation of Principal Object
>        Realm uses different table-structure than original DataSource Realm
>
> (something happens here?)
>
> Request Listener is called (expected: principal is not null -> FAILS!)
>
> (something happens here?)
>
> jsp/main.jsp is called, principal in request is not null -> can be dumped to
> the JSP view
>
>
> Following here is the used context.xml
> (...)
>

BTW, if you want to run under debugger, the tips are here:
https://wiki.apache.org/tomcat/FAQ/Developing#Debugging

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message