jfc100 wrote: > Hi, > > I am experiencing the exact same problem. Here is my post to the > struts list: > >> Hi, >> >> >> Has anyone encountered the following situation using form-based auth >> in catalina? >> >> >> 1. login successfully using 'j_security_check'; >> >> 2. the next request happens to be to an unsecured url (e.g. >> /do/frontpage >> (with no restrictions in web.xml) --> DispatchServlet --> user.frontpage >> (tiles)) ; 3. the request methods 'getUserPrincipal()', 'isUserInRole()' >> and 'getRemoteUser()' tell me the user is not logged in (in >> DispatchServlet)! >> >> (I'm using jboss244+tomcat401, struts1.0, tiles) >> >> >> I heard this might be an issue with jboss. >> >> >> Can anyone confirm? >> >> >> Joe >> >>> >>> I don't know how JBoss behaves, but this is exactly >>> how WebSphere behaves. >>> >>> -TP >>> >> > I have found the same using jb241a+tc323 as well as jb300RC2+tc403. > > I started looking at the tomcat code but I'm not sure I want to commit > the time it may take to understand the intricacies when someone else > may well have an answer. > > I'd like to know whether this is worth pursuing or if perhaps it is > better to sacrifice the declarative model for a role-your-own approach. > > Joe > >> From: Erwin Teseling Subject: Loosing identify when switching to >> non-protected webresource >> Date: Thu, 21 Feb 2002 15:57:12 +0100 >> >> I am using the combination of Tomcat/Jboss and am having problems >> when >> using webcontainer security (using j_security_check). >> >> I have some resource protected in my web.xml (using <security- >> contraint> >> tag). Now when I try to acces this resource Tomcat presents me my >> loginform and validates my identify. If this is correct I will gain >> access to the secured resource. So far so good. >> >> Now I have a custom tag that verifies the role in which I am to >> display >> some pages differently. My tag nicely detects the users identity >> (using >> getUserPrincipal() method). Now when I go to a non-secured jsp-page, >> my >> tag returns null on getUserPrincipal?!?! When I switch to a secured >> jsp-page it does work and I receive the correct identity. I have the >> same behaviour in servlets. >> >> I was not expecting this behaviour and I really need to be able to >> determine the identity on these non-secured resources (both servlets >> and >> jsp). It there a setting that makes Tomcat behave in this way and is >> there a way to change this behaviour. >> >> Thanks, >> Erwin >> > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > Correction, jb241a+tc323 = ok, jb243tc400 = ok, jb244tc323 = ok
Anything above these has the problem. Joe -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>