Hi,
my problem is a bit complicate and I hope someone has enough courage to find an
answer :-).
First I try to explain what I want to do:
I am running an JAAS-Realm with FORM authentication. As known this can only
passes username and credential. Now, I was trying to pass the current IP address
of the user too. The only solution that I found was to overwrite the
org.apache.catalina.realm.JAASRealm class and catch the IP address of the user
using one of the methods which provide a request object, like this.
public SecurityConstraint[] findSecurityConstraints(Request request, Context
context) {
HttpServletRequest req = request; // catch Request
session = req.getSession(); // catch session
ipAddress = req.getRemoteAddr();
The problem:
In a first try this seems to work. But if more then one client try to use the
authentication, it catches the last IP address of the user who makes a request
and not the IP address of the current client I like to authenticate:
1) client A sends a request to the protected site
2) client A authenticate with username/password
3) At the same time client B sends a request to the protected site
4) JAASRealm will be started and calls req.getRemoteAddr()
5) JAASRealm gets the IP address from client B
So, the req.getRemoteAddr() seems to catch the information outside of the
current thread and I don't know why. Have someone an idea?
Thanks!
-- Franck
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
