>> Hello,
>> 
>> I am using HttpServletRequest.login to authenticate users on an ajax
>> call.
>> This is working fine and the relevant realm is queried. However, on
>> subsequent requests, I have quite often the remote user being null
>> despite
>> having the correct JSESSION cookie set from the login call.
>> 
>> This is not happening always, but it is quite frequent. Interestingly, if
>> a
>> set an attribute in the session, that session and attributes are
>> preserved
>> in the subsequent requests.
>> 
>> Is there anything else that I should do to preserve authentication
>> information? It is very strange that this process is working
>> intermittently. As a workaround I am wrapping the request and overrides
>> the
>> getRemoteUser/getUserPrinciper/isUserInRole to get this information from
>> the information I am storing in the session, but I would prefer to have
>> this working without this workaround (for example the AccessLogValve does
>> not report the user correctly when using that workaround).

> Tomcat version?

> What authentication, if any, do you have configured in web.xml?

> Do you have any security constraints defined anywhere (annotations or 
> in web.xml)?

I was having this problem in tomcat 8.0.35. I did try to reproduce it on a
simpler setup on 8.0.37 and 8.5.5, but could not succeed... 

I'll try integrate my tests in my main app to see if I can reproduce it
then.

Cheers

Nicolas



--
View this message in context: 
http://tomcat.10.x6.nabble.com/HttpServletRequest-login-remoteUser-null-tp5054934p5055008.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to