tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jerry Malcolm <>
Subject Re: request.login() not persistent
Date Thu, 05 Apr 2012 04:44:15 GMT

Good question on the version.  But I'm not sure how to tell.  Both servers
are in a directory named Tomcat 7.0.  But I can't remember if that was the
default or if I forced that name.  Where can I look in the install
directory to find the version?  I do know that I installed both servers
around  the first of December 2011.  I haven't updated since then.

You mentioned there were some known problems with using
getUserPrincipal().  It might be related.  However, I was only using
getUserPrincipal() for debug purposes to show whether I was logged on or
not.  The real symptom of the problem was after logging on successfully and
redirecting to another page, the login form page pops up forcing a second
login.  If it's all tied together, then fine.  But if the problem you
referenced only had to do with results of getUserPrincipal and nothing
else, I doubt it is related to my problem.

If there is a newer version since December, and there are known fixes in
this area, I'll go ahead and upgrade.  But I really don't want to update
and risk more instability unless there is reason to believe upgrading will
fix the problem.



On Wed, Apr 4, 2012 at 7:49 PM, Christopher Schultz <> wrote:

> Hash: SHA1
> Jerry,
> On 4/4/12 5:31 PM, Jerry Malcolm wrote:
> > I am using TC 7.0 on a couple of servers.
> 7.0.what?
> There have been a bunch of questions about authentication and
> authorization lately involving a (somewhat) recent change when
> resources aren't protected buy a <security-constraint> and are calling
> request.getPrincipal().
> - -chris
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools -
> Comment: Using GnuPG with Mozilla -
> iEYEARECAAYFAk987CwACgkQ9CaO5/Lv0PD9cgCgnzLbeVE97a+vPw0SWsafDpCT
> e9sAoKYPJWqf86mkd7JtbBNDkrv2Wuwb
> =K8KQ
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message