Hi,

 

we have a web application using the FormAuthentication with Tomcat 7.0.11. 

 

The application provides its own realm, that is valid for the whole server
(configured in server.xml). The realm is based on datasource realm.

 

The application provides request listeners that rely on the
request.getPrincipal() method to obtain the logged on user. 

 

The request listener authenticates a service framework with the principal
from the request.

 

Tomcat 7.0.11 as stated above works with this design.

 

In Tomcat 7.0.26 this approach fails, because the request listener can no
longer obtain the principal using request.getPrincipal(). The call returns
null. A webpage (jsp) called after the listener as target of the request can
obtain the principal from the request as expected.

 

No configuration changes have been applied between 7.0.11 and 7.0.26.

 

Additionally we have experimented with various valve options, but did not
succeed.

 

We cannot explain this behavior and think it is a bug in Tomcat. 

 

Any help appreciated, as currently we cannot upgrade Tomcat due to this
issue.

 

Kind regards,

Thomas Strauß

SRS PaperDynamix® 
WE MAKE PAPER WORK

 

SRS-Management GmbH 
Berliner Ring 93

64625 Bensheim 
T +49 6251 85 424 - 20 
F +49 6251 85 424 - 14
M +49 174 2110912

 

www.srs-management.de

www.srs-paperdynamix.de

 

HRB 25262 AG Darmstadt
Managing Directors: Detlev Homilius, Thomas Strauß

 

 
