>> Hello, >> >> I am using HttpServletRequest.login to authenticate users on an ajax >> call. >> This is working fine and the relevant realm is queried. However, on >> subsequent requests, I have quite often the remote user being null >> despite >> having the correct JSESSION cookie set from the login call. >> >> This is not happening always, but it is quite frequent. Interestingly, if >> a >> set an attribute in the session, that session and attributes are >> preserved >> in the subsequent requests. >> >> Is there anything else that I should do to preserve authentication >> information? It is very strange that this process is working >> intermittently. As a workaround I am wrapping the request and overrides >> the >> getRemoteUser/getUserPrinciper/isUserInRole to get this information from >> the information I am storing in the session, but I would prefer to have >> this working without this workaround (for example the AccessLogValve does >> not report the user correctly when using that workaround).
> Tomcat version? > What authentication, if any, do you have configured in web.xml? > Do you have any security constraints defined anywhere (annotations or > in web.xml)? I was having this problem in tomcat 8.0.35. I did try to reproduce it on a simpler setup on 8.0.37 and 8.5.5, but could not succeed... I'll try integrate my tests in my main app to see if I can reproduce it then. Cheers Nicolas -- View this message in context: http://tomcat.10.x6.nabble.com/HttpServletRequest-login-remoteUser-null-tp5054934p5055008.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
