Hi all! I'm seeing some strange behavior with declarative security. I've got everything set up and working correctly under jboss-3.0.4_tomcat-4.1.12, when I access a protected resource, the login page is invoked, the container goes out to the database, looks up the user, sets up the session, and allows the user into the protected web page. The web page is a struts-tile, and the menu tile has a line at the top that indicates the user that is logged in (request.getRemoteUser()).
This works fine until I go to an unprotected part of the site. Suddenly, request.getRemoteUser() starts returning null!! Is it supposed to do that? Everything is still operational though, if I click back into a protected part of the site, the login is not performed, tomcat lets me into the page, and request.getRemoteUser() starts returning the username of the logged in user. I fear this is a bug in Tomcat 4.1.x, but I just wanted to make sure there wasn't some tricky part of the spec that I didn't know about. Any advice appreciated, have a great weekend. Brian -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
