On 12/09/2016 00:45, Nicolas Clemeur wrote: > Hello, > > I am using HttpServletRequest.login to authenticate users on an ajax call. > This is working fine and the relevant realm is queried. However, on > subsequent requests, I have quite often the remote user being null despite > having the correct JSESSION cookie set from the login call. > > This is not happening always, but it is quite frequent. Interestingly, if a > set an attribute in the session, that session and attributes are preserved > in the subsequent requests. > > Is there anything else that I should do to preserve authentication > information? It is very strange that this process is working > intermittently. As a workaround I am wrapping the request and overrides the > getRemoteUser/getUserPrinciper/isUserInRole to get this information from > the information I am storing in the session, but I would prefer to have > this working without this workaround (for example the AccessLogValve does > not report the user correctly when using that workaround).
Tomcat version? What authentication, if any, do you have configured in web.xml? Do you have any security constraints defined anywhere (annotations or in web.xml)? Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
