Salut David,
thanks very much for your answer!
public SecurityConstraint[] findSecurityConstraints(Request request,
Context context) {
HttpServletRequest req = request; // catch Request
session = req.getSession(); // catch session
ipAddress = req.getRemoteAddr();
The problem:
In a first try this seems to work. But if more then one client try to
use the authentication, it catches the last IP address of the user who
makes a request and not the IP address of the current client I like to
authenticate:
So, the req.getRemoteAddr() seems to catch the information outside of
the current thread and I don't know why. Have someone an idea?
req.getRemoteAddres() will get the address of that specific request,
it's isolated from other simultaneous request, or lots of people would
start getting problems using it.
I would be more enclined to take a look
at where you are defining the session and ipAddress properties, it looks
like they are class or instance level, where it's mandatory that Realm
be ThreadSafe and stateless.
This sounds like as my problem seems to be elsewhere as I supposed. I have no
idea where I should tell tomcat to keep the thread statefull. I tried to set
some page directives on my login.jsp:
<%@ session="true %> (which I think is standard)
<%@ isThreadsafe="false" %>
This doesn't help. Of course, it can't work, cause the Realm is a valve and
therefore the Realm is the part who calls the login.jsp page and the directives
of the page appears, in manner of speaking, "to late".
How can I tell the Realm to get ThreadSafe? Or have I missunderstood something?
-- Franck
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
