>>No, I did it on purpose. >>It's a lot better to have the user set the behavior of the connector here.
I don't understand what you mean here. If you want tomcat to authenticate, and the userid is passed in, your code doesn't call setUserPrincipal. When the userid passed in is the empty string (not null) and you don't want Tomcat authentication, your code will set the user principal to an Ajp13Principal wrapping the empty string and Tomcat will generate the access denied (403) error when the user hits the page through the connector since the user principal will not be null, but will also be an invalid empty string userid. Did you test this code with the connector? //if ((!(((Ajp13Connector) connector).getTomcatAuthentication())) //&& (ajp.remoteUser() != null)) { //setUserPrincipal(new //Ajp13Principal(ajp.remoteUser().toString())); // } else { // setUserPrincipal(null); // } ____________________Reply Separator____________________ Subject: Re:cvs commit: jakarta-tomcat-connectors/jk/java/org/apache/ Author: "Tomcat Developers List" <[EMAIL PROTECTED]> Date: 2/15/2002 2:20 PM > It looks like you accidently removed the empty string check needed here for > ajp.RemoteUser (). > ajp.RemoteUser () should probably also be checked whether it is null before > calling toString. No, I did it on purpose. It's a lot better to have the user set the behavior of the connector here. Since you want TC to authenticate the users, you don't have to do anything. OTOH, if you want the native webserver to authenticate, you should set the 'tomcatAuthentication' attribute to 'false' on the Connector element. As pointed out by Nacho, it makes the connector predictable. Also, the check for ajp.remoteUser() being equal to null is there (but obviously, it's only needed when 'tomcatAuthentication' is false). Remy -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> ************************************************************************ This email and any files transmitted with it are for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. This email message has been swept by a virus software product for the presence of computer viruses. ************************************************************************* -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>