DO NOT REPLY [Bug 36057] New: - The method 'getUserPrincipal()' in class 'org.apache.catalina.connector.Request' returns a not null value after the session has been invalidated and/or recreated
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=36057. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=36057 Summary: The method 'getUserPrincipal()' in class 'org.apache.catalina.connector.Request' returns a not null value after the session has been invalidated and/or recreated Product: Tomcat 5 Version: 5.5.9 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] When you invalidate the session with a call to the method 'session.invalidate()' and/or recreate it with a call to the method 'request.getSession(true)', a call to the method 'request.getUserPrincipal()' continues to return a not null value just after. To solve this problem, I think you should reinitialize the value of the field 'userPrincipal' to 'null' in the method 'doGetSession(boolean create)' of the class 'org.apache.catalina.connector.Request' when the parameter 'create' is equal to 'true'. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 36057] - The method 'getUserPrincipal()' in class 'org.apache.catalina.connector.Request' returns a not null value after the session has been invalidated and/or recreated
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=36057. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=36057 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Additional Comments From [EMAIL PROTECTED] 2005-08-06 21:25 --- Section 12.5.3.1 of the servlet spec is clear that the logout of a Form-auth user by invalidating the session applies to subsequent requests only. If you need this fuctionality in your webapp, you can easily get it by wrapping the Request at the same time that you invalidate the session. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
getUserPrincipal
Hi all, Why are getUserPrincipal and getRemoteUser returnnig null? I know that they are supposed to return null if the user is not authenticated. What does that mean exactly? I have Tomcat running locally on my machine. What does 'authentication' mean in my context? Thanks RA -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Question about getUserPrincipal...
Hi, I posted this question first on tomcat-users, but with no responses. I'm hoping one of you guys will be able to answer this question. I have been using Tomcat 3.1 in the past, and have been using the getUserPrincipal().getName() method to determine who has logged in. I was using apache basic authentication, then using the mod_jserv connector to forward requests to tomcat. I have now installed Tomcat 3.3m4, and am using mod_jk. However, it now appears that getUserPrincipal() returns null (while getRemoteUser() still works). Is there a way I can get the getUserPrincipal() method to return a valid Principal object based on the Rmote User? I poked around a bit in the source code, and it looks like the code that used to set the principal user has been removed (it used to set it based on the remote user). I'm guessing that know it is the responsibility of an interceptor to set the user principal, but is there any easy way to do this? Any help would be appreciated. Thanks, Bryan
fix for bug 558, getUserPrincipal returns wrong user
I just entered bug 558, but the bug tool ignored the text in the "how to reproduce" and "workaround" fields, which included my suggested bug fix: How to reproduce: Access the jsp/security/protected/index.jsp example then access it again as a different user. getRemoteUser and getUserPrincipal won't match for the 2nd request. To fix the bug: In the initRequest() method of tomcat/core/RequestImpl.java add the line principal = null; in with everything else that gets reset. Brian Moore
