Hi, I should probably clarify this. I have hacked the Tomcat 5 "RequestHeaderExample" servlet so that it prints out these values:
request.getAuthType(); request.getRemoteUser(); request.getUserPrincipal(); *but* they all print NULL. Even on the first "call" - no sessions involved (at least, I didn't *think* there re any sessions involved!) I have definately logged in, because Mozilla asked me if I would accept the server's certificate, and also asked me for the password to my private certificate store, and I set clientAuth="true" - so should be OK all round. Am I looking in the wrong place? I'm looking at the request object for info here... (probability > 0.9 this is the case) Cheers, Graeme -----Original Message----- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: 07 April 2004 21:26 To: 'Tomcat Users List' Subject: RE: request.getUserPrincipal(); Hi, how often do you invalidate your sessions? It's hard to imagine your application would expire a user's session right after he logs in. But take a look at the request header to see if the subsequent session ids are the same as the first one. Other than that, without more specific info on how you implemented the authentication, it's hard to figure out what's going on:). -Yan -----Original Message----- From: Winter, G (Graeme) [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 07, 2004 7:46 AM To: 'Tomcat Users List' Subject: request.getUserPrincipal(); Hi All, I am trying to perform client authentication using certificates, and I have made some progress - the certificates are now accepted as OK, which is nice. Obviously I am using https too... However, the sting is that the methods request.getAuthType(); request.getRemoteUser(); request.getUserPrincipal(); All return NULL, which is contrary to the documentation, since I know the user (i.e. me) has authenticated. clientAuth="true" in server.xml. Anyone else out there had this problem, and more to the point found a solution? Cheers, Graeme --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
