The problem (in Tomcat) IS that getRemoteUser() doesn't return null. Tomcat does not support multiple logins. If you look at the code you will see that it does a getRemoteUser() and if not null and not authenticated by Tomcat, it bails.
I tried it on 4.0.3, as someone suggested, and it still fails with the same problem. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. > -----Original Message----- > From: Jason MacLane [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, April 24, 2002 5:31 AM > To: Tomcat Users List > Subject: Re: getRemoteUser(), getAuthType() returning empty string > instead of NULL? > > > Did someone find a solution ? We are stuck on the same problem. > > In fact, the problem is not really that the getRemoteUser() > returns an empty string instead of a null string : Normally, > when a user is already authenticated but is trying to access > to a ressource for which he is not in a valid role, the > server should open the login box a second time ; so even if > getRemoteUser() returns "" and that Tomcat considers it's the > user name, it should open the login box and not send a 403 error code. > > In fact, when I test the same web application on Tomcat 3.3, > it works (I mean I can identify myself on the login box) but > with Tomcat 4 it directly rejects me... > > > Every piece of info would help... > Regards. > > > > > >Scenario: > > > >(1) Browser -> http://TomcatHTTPServer:8080 (no authentication) > > > > > > > >getRemoteUser() and getAuthType() return NULL, as expected > > > > > > > >(2) Browser -> https://TomcatHTTPServer:8443 (no authentication) > > > > > > > >getRemoteUser() and getAuthType() return NULL, as expected > > > > > > > >(3) Browser -> https://IISServer:443(BASIC Auth) -> > ISAPI -> AJP13 > > > > > > > >getRemoteUser() returns authenticated user name, > > > >getAuthType() returns "Basic", as expected > > > > > > > >(4) Browser -> http://IISServer:80(NO Auth) -> ISAPI -> AJP13 > > > > > > > >getRemoteUser() and getAuthType() return "" (Empty String) > > > >This is NOT as expected, and causes Tomcat to reject the request > > > >because it thinks the request is already authenticated but > > > >doesn't match the requested page's realm. > > > > > > > >Is this: > > > > > > > >a) Working as specified? > > > >b) A bug in the ISAPI filter? > > > >c) A bug in Tomcat? > > > >d) Something else? > > > > > > > >Thanks in advance. > > > > > > > >-- > > > >James Garrison Athens Group, Inc. > > > >mailto: [EMAIL PROTECTED] 5608 Parkcrest Dr > > > >http://www.athensgroup.com Austin, TX 78731 > > > >PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 > > > > > > > > > > Ignacio J. Ortega wrote: > > >De: James Garrison [mailto:[EMAIL PROTECTED]] > > >Enviado el: martes 23 de abril de 2002 18:48 > > > > > > > > > Needed more information, which Tomcat version?, post the > connector or > > > interceptor line for ajp13 prsent in your server.xml file.. > > > > > > > The Tomcat version is 4.0.2. Here's the Connector definition: > > > > > > <Connector className="org.apache.ajp.tomcat4.Ajp13Connector" > > port="8009" minProcessors="5" maxProcessors="75" > > acceptCount="10" debug="0" > > tomcatAuthentication="false"/> > > > > > > The results are the same with tomcatAuthentication="true" and also > > when the tomcatAuthentication parameter is omitted. > > > > -- > > James Garrison Athens Group, Inc. > > mailto:[EMAIL PROTECTED] 5608 Parkcrest Dr > > http://www.athensgroup.com Austin, TX 78731 > > PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 > > -- > > _______________________________________________ > Sign-up for your own FREE Personalized E-mail at Mail.com > http://www.mail.com/?sr=signup > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
