Bugs item #471225, was opened at 2001-10-15 00:29 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=376685&aid=471225&group_id=22866
Category: CatalinaBundle Group: v2.4 (stable) >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Scott M Stark (starksm) Summary: HTTP403 caused by multi simultaneous req Initial Comment: OS: Win2K JDK: 1.3 JBoss: 2.4.3 with embedded Tomcat 4.0 I experience a problem with security and multi- threading in Tomcat 4.0. After login, I have a page that contains links to other pages. One link will go to a jsp that performs a long process. If I click on this link and then immediately click on another, I got HTTP 403 error. To reproduce this problem, 1. setup JAAS users and roles used by the "other" security domain. Create a user "tomcat" with role "tomcat". If you are using org.jboss.security.auth.spi.UsersRolesLoginModule for the "other" domain, then refer to the users.properties and roles.properties compressed in the attached WAR file. 2. download and deploy the attached WAR app. 3. go to http://localhost:8080/testwar/protected/index.jsp. 4. login as the user tomcat. 5. click on the "Long" link on the index.jsp 6. before the response comes back from the server, click on the "Short" link. 7. you should get the HTTP 403 error. ---------------------------------------------------------------------- >Comment By: Scott M Stark (starksm) Date: 2001-11-10 23:58 Message: Logged In: YES user_id=175228 This is due to a new caching behavior implemented by the org.apache.catalina.authenticator.AuthenticatorBase class. The EmbeddedCatalinaServiceSX class disables the cache so that the request thread is authenticated to have the valid Subject associated with the thread so that authorization using the Subject roles can be performed. This change will be in 2.4.4. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=376685&aid=471225&group_id=22866 _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
