Bug report #752 has just been filed.

You can view the report at the following URL:
<http://znutar.cortexity.com/BugRatViewer/ShowReport/752>

REPORT #752 Details.

Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: high
Severity: critical
Confidence: public

Environment:
Release: Tomcat 3.2.1
JVM Release: 1.2.1_04
Operating System: Solaris
OS Release: ???
Platform: SPARC

Synopsis:
User Principal incorrectly Maintained

Description:
I'm using the JDBCRealm and everything seems to work OK, but I'm actually dynamically generating info not just on the Role (which works fine), but the user itself. I'm getting the current user by calling request.getUserPrincipal().getName(). I have a user jim and jones both in the same role. If I log in as jim first, then the principal returns jim even if I log out (change or close the browser) and then log in as jones. You can see (below) that the realm is fine and shows the correct user logged in and authenticated with the correct role, but then at the bottom when I call request.getUserPrincipal().getName() I don't get the correct user.

2001-01-12 11:36:26 - ContextManager: JDBCHashRealm: Authentication successful for user jones
2001-01-12 11:36:26 - ContextManager: JDBCHashRealm: Auth ok, user=jones
2001-01-12 11:36:26 - ContextManager: JDBCHashRealm: Controled access for jones R( /bow + /reviewer/images/favB.gif + null) Ct ( )
2001-01-12 11:36:26 - ContextManager: JDBCHashRealm: Auth ok, first role=BOWReviewer
2001-01-12 11:36:26 - ContextManager: JDBCHashRealm: Authentication successful for user jones
2001-01-12 11:36:26 - ContextManager: JDBCHashRealm: Auth ok, user=jones
2001-01-12 11:36:26 - ContextManager: JDBCHashRealm: Controled access for jones R( /bow + /reviewer/images/bow.gif + null) Ct ( )
2001-01-12 11:36:26 - ContextManager: JDBCHashRealm: Auth ok, first role=BOWReviewer
2001-01-12 11:36:44 - ContextManager: JDBCHashRealm: Authentication successful for user jones
2001-01-12 11:36:44 - ContextManager: JDBCHashRealm: Auth ok, user=jones
2001-01-12 11:36:44 - ContextManager: JDBCHashRealm: Controled access for jones R( /bow + /reviewer/review.do + null) Ct (action(org.apache.struts.action.ActionServlet/null) )
2001-01-12 11:36:44 - ContextManager: JDBCHashRealm: Auth ok, first role=BOWReviewer
*** Current User Principal: jim
Submitter: David Winterfeldt ( [EMAIL PROTECTED] )
Date Submitted: Jan 12 2001, 11:25:46 CST
Responsible: Z_Tomcat Alias ( [EMAIL PROTECTED] )
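Added example (not part of the original report or of Tomcat): a log check for the symptom described above, where the realm authenticates one user but the application reports another principal. It assumes the realm lines and the application's "*** Current User Principal" line appear in one log in request order, as in the excerpt; the function and field names are hypothetical.

```python
import re

# Excerpt copied from the report above: realm lines for the last request,
# followed by the application's own principal line.
SAMPLE_LOG = """\
2001-01-12 11:36:44 - ContextManager: JDBCHashRealm: Authentication successful for user jones
2001-01-12 11:36:44 - ContextManager: JDBCHashRealm: Auth ok, user=jones
2001-01-12 11:36:44 - ContextManager: JDBCHashRealm: Controled access for jones R( /bow + /reviewer/review.do + null) Ct (action(org.apache.struts.action.ActionServlet/null) )
2001-01-12 11:36:44 - ContextManager: JDBCHashRealm: Auth ok, first role=BOWReviewer
*** Current User Principal: jim
"""

# "Auth ok, user=<name>" is the realm's record of who was authenticated.
# The "Auth ok, first role=..." line deliberately does not match.
AUTH_OK = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - ContextManager: "
    r"JDBCHashRealm: Auth ok, user=(?P<user>\S+)\s*$"
)
# Line printed by the reporter's application from getUserPrincipal().getName().
PRINCIPAL = re.compile(r"^\*\*\* Current User Principal: (?P<user>\S+)\s*$")


def find_principal_mismatches(log_text):
    """Return one finding per principal line that disagrees with the realm."""
    findings = []
    last_auth = None  # (timestamp, user) of the most recent realm success
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = AUTH_OK.match(line)
        if m:
            last_auth = (m.group("ts"), m.group("user"))
            continue
        m = PRINCIPAL.match(line)
        if not m or last_auth is None:
            continue  # unrelated line, or nothing to correlate against yet
        if m.group("user") != last_auth[1]:
            findings.append({
                "line": lineno,
                "auth_time": last_auth[0],
                "realm_user": last_auth[1],
                "principal": m.group("user"),
            })
    return findings


if __name__ == "__main__":
    for f in find_principal_mismatches(SAMPLE_LOG):
        print("line %(line)d: realm authenticated %(realm_user)r at "
              "%(auth_time)s but request principal is %(principal)r" % f)
```

On a server handling concurrent sessions, correlate on a session or request identifier instead of log order; the excerpt in the report carries none.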