tomcat-users mailing list archives

From Konstantin Kolinko
Subject Re: FormAuthentication Valve changes fail with RequestListeners?
Date Fri, 30 Mar 2012 11:10:20 GMT
2012/3/30 Thomas Strauß:
> Hi,
> thank you for the information.
> We have not succeeded so far. I want to give you some more information about
> what happens, the context.xml and the web.xml
> What we have changed versus the existing setup, working on 7.0.11
> - We have moved the login.jsp into the protection domain (was outside
> before). This did not remove the issue.
> - We have changed the preemptiveAuthentication setting. This did not remove
> the issue.
> This is the flow through the system that we can see:
> Client sends request to /portal
>        /portal is not protected
>        /portal/jsp/main.jsp is welcome page and protected (see web.xml)
>        portal context configures formauthentication on the protection
> domain
>        Tomcat redirects/forwards incoming call to /jsp/login.jsp (protected
> resource)
> FormAuthentication Valve is called
> Request Listener is called (expected: principal is null -> OK!)

What is the stack trace at this point inside the listener?
(e.g. (new Exception()).printStackTrace();)

Maybe you can compare 7.0.26 and 7.0.11.

IIRC there was some refactoring with regards to where the valves are
placed and how listeners are called. In the 7.0.22 changelog:

"Error handling and request listeners are now handled in the
StandardHostValve to ensure they wrap all Context level activity."

Maybe something was missed there.

> jsp/login.jsp is displayed, waiting for user
> User adds information, presses submit
> Client sends request to j_security_check is initiated by browser with form
> data
> (something happens here?)
> Realm is called: Authentication succeeds, realm creates principal
>        Realm provides its own implementation of Principal Object
>        Realm uses different table-structure than original DataSource Realm
> (something happens here?)
> Request Listener is called (expected: principal is not null -> FAILS!)
> (something happens here?)
> jsp/main.jsp is called, principal in request is not null -> can be dumped to
> the JSP view
> Following here is the used context.xml
> (...)

BTW, if you want to run under debugger, the tips are here:

Best regards,
Konstantin Kolinko
