"Craig R. McClanahan" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > On Fri, 16 Aug 2002, Scott Dayberry wrote: > > > Date: Fri, 16 Aug 2002 11:11:53 -0600 > > From: Scott Dayberry <[EMAIL PROTECTED]> > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > > To: 'Tomcat Users List' <[EMAIL PROTECTED]> > > Subject: RE: getRemoteUser() reset to null after authenticated user hits > > an unauthorized page > > > > Thanks for your response. I was hoping it wasn't a bug in 3.2.3, but rather > > a configuration problem, or that a workaround existed. :*) Does this bug > > exist in 3.3.1? > > > > I haven't got a clue ... I've never used 3.3 for anything. I'm sure > others here can speak to that.
You've never wanted to run Tomcat under J2ME on you toaster? ;-) getRemoteUser() works as expected under 3.3.1. > > > I've been reluctant to upgrade to Tomcat 4 due to potential installation and > > compatibility issues with Apache 1.3.X, mod_jk.so, on both Solaris 2.6 and > > 2.8. Is this combination a clean upgrade on both OS's? > > > > Likewise, you're better off asking some of the other folks who use the web > connectors, but my impression is that it should work well for you. As much as I hate to admit it, Craig is probably right. The Java side of the 4.x connectors are compatible with the 3.x binary Apache modules. In theory you can install your favorite version of 4.0.x without changing anything on the Apache side, and install 4.1.x with only slight changes on the Tomcat side. > > Craig > > > > > > -----Original Message----- > > > From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]] > > > Sent: Friday, August 16, 2002 10:30 AM > > > To: Tomcat Users List > > > Subject: Re: getRemoteUser() reset to null after > > > authenticated user hits > > > an unauthorized page > > > > > > > > > > > > > > > On Fri, 16 Aug 2002, Scott Dayberry wrote: > > > > > > > Date: Fri, 16 Aug 2002 09:31:38 -0600 > > > > From: Scott Dayberry <[EMAIL PROTECTED]> > > > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > > > > To: [EMAIL PROTECTED] > > > > Subject: getRemoteUser() reset to null after authenticated > > > user hits an > > > > unauthorized page > > > > > > > > I am using form-based authentication under Tomcat 3.2.3. > > > > > > > > I have 3 security-constraint sections in web.xml for 3 > > > different user roles. > > > > If an already authenticated user selects a page to which he is not > > > > authorized, he is redirected to the form-error-page (I > > > thought this should > > > > be a 403-Forbidden error instead), and his authentication > > > is invalidated. > > > > (A getRemoteUser() call returning null at this point verifies this). > > > > > > > > The implication of this, is that he can no longer select > > > any pages that he > > > > IS authorized for, and must re-login. Is this a known bug > > > with Tomcat 3.2.3, > > > > expected behavior, or is there a configuration setting I am missing? > > > > > > > > > > Sounds like a bug in 3.2.3 (which is pretty ancient, by the > > > way). I think > > > 3.2.3 also failed to return getRemoteUser() correctly when you > > > successfully log on, and then navigate to a URL not protected by a > > > security constraint. Tomcat 4.0 and 4.1 handle that > > > situation correctly. > > > > > > > Thanks in advance, > > > > Scott > > > > > > > > > > Craig > > > > > > > > > > > > > > -- > > > > To unsubscribe, e-mail: > > > <mailto:[EMAIL PROTECTED]> > > > > For additional commands, e-mail: > > > <mailto:[EMAIL PROTECTED]> > > > > > > > > > > > > > > > > > -- > > > To unsubscribe, e-mail: > > > <mailto:[EMAIL PROTECTED]> > > > For additional commands, e-mail: > > > <mailto:[EMAIL PROTECTED]> > > > > > > > > > -- > > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
