-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12/1/11 11:29 PM, oh...@cox.net wrote: > Also, BTW, I just did a test where, in the Apache httpd.conf, I > hard-coded REMOTE_USER header using RequestHeader. > > In my sniffer, I can see the REMOTE_USER set to the hard-coded > string, but in my test JSP on Tomcat, there getUserPrincipal() is > returning null. I've tried this test with 'tomcatAuthentication' > attribute in server.xml set to both "true" and "false", with the > same results :(... That rings a bell. I seem to recall that if the resource isn't protected by a <security-constraint> then getUserPrincipal will return null during that request. That may only be when Tomcat is doing it's own authentication, though. I suspect that if you (or the AJP connector) sets the principal in the request, it's there regardless of the authentication settings of Tomcat. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7ZB4IACgkQ9CaO5/Lv0PD4+wCfYUpbHjASjkZ1NNSwRj1X1B2g yUUAoKs9V0PXp05T4hp6lucrcBAfNfdh =UwDd -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
