has nothing to do with recycle. Seems that the authentication in BasicAuthenticator only gets triggered in StandardHostValve#171 by callingĀ context.getPipeline().getFirst().invoke(request, response);
While the request listener already get triggered in StandardHostValve#167 by calling context.fireRequestInitEvent(request) I've now moved the OWB security stuff from a Listener to a Filter with ordering before=others Works for me, but still wonder what the spec wording defines. LieGrue, strub On Monday, 4 August 2014, 22:56, Romain Manni-Bucau <rmannibu...@gmail.com> wrote: > > >Hmm > >did you debug in org.apache.catalina.connector.Request#recycle? > > >Romain Manni-Bucau >Twitter: @rmannibucau >Blog: http://rmannibucau.wordpress.com/ >LinkedIn: http://fr.linkedin.com/in/rmannibucau >Github: https://github.com/rmannibucau > > >2014-08-04 22:37 GMT+02:00 Mark Struberg <strub...@yahoo.de>: >> yea exactly. But the user IS authenticated! >> And later in the Filter getUserPrincipal() returns the correct Principal. >> But in the ServletRequestListener (invoked in the same request of course) it >> is null. >> Either it should always be null, or never! >> >> LieGrue, >> strub >> >> >> On Monday, 4 August 2014, 22:12, Jean-Louis MONTEIRO <jeano...@gmail.com> >> wrote: >> >> >>> >>> >>>oups thanks Romain >>> >>> >>>2014-08-04 22:09 GMT+02:00 Romain Manni-Bucau <rmannibu...@gmail.com>: >>> >>>> "Returns a java.security.Principal object containing the name of the >>>> current authenticated user. If the user has not been authenticated, >>>> the method returns null." >>>> >>>> >>>> Romain Manni-Bucau >>>> Twitter: @rmannibucau >>>> Blog: http://rmannibucau.wordpress.com/ >>>> LinkedIn: http://fr.linkedin.com/in/rmannibucau >>>> Github: https://github.com/rmannibucau >>>> >>>> >>>> 2014-08-04 22:04 GMT+02:00 Jean-Louis MONTEIRO <jeano...@gmail.com>: >>>> > It should return at least always a non null principal AFAIR, isn't it? >>>> > >>>> > >>>> > 2014-08-04 19:33 GMT+02:00 Mark Struberg <strub...@yahoo.de>: >>>> > >>>> >> Hi! >>>> >> >>>> >> I've recently found out that getUserPrincipal() returns null in a >>>> Listener >>>> >> [1]. >>>> >> I remember that this used to return the correct Principal in older >>>> >> versions (might be some time already). >>>> >> Also from reading the spec I assumed it should work. >>>> >> >>>> >> Any infos on this? >>>> >> >>>> >> LieGrue, >>>> >> strub >>>> >> >>>> >> >>>> >> [1] >>>> >> >>>> http://svn.apache.org/repos/asf/openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityListener.java >>>> >> >>>> > >>>> > >>>> > >>>> > -- >>>> > Jean-Louis >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: dev-h...@tomcat.apache.org > >>> >>>> >>>> >>> >>> >>>-- >>>Jean-Louis >>> >>> >>> > >--------------------------------------------------------------------- >To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >For additional commands, e-mail: dev-h...@tomcat.apache.org > > > >
