I'm using Tomcat/4.0.4 with Apache 1.3.26 (mod_jk) on SuSE Linux 7.3 (without JBoss or struts).
Do you really get responses with the same session-id, but different results of getRemoteUser()? Andreas Mohrig -----Original Message----- From: jfc [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 7:15 PM To: Tomcat Users List Subject: Re: tomcat4 + declarative security Andreas Mohrig wrote: >The answers are "yes" and "yes". You can determine the user's >"logged-in-ness" with a call to "request.getRemoteUser()", which should >return "null" if he is not and his name (login) otherwise. This should >always be the case, regardless of the currently requested resource having a >security-constraint or nor, but of course a login will only be demanded if >it has such a constraint. > >If you experience different behaviour, I will surely be interested to learn >about it. > >Andreas Mohrig >-----Original Message----- >From: jfc [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, August 21, 2002 1:26 PM >To: [EMAIL PROTECTED] >Subject: tomcat4 + declarative security > > >Hi, > >I have two questions regarding declarative security ( I use >JBoss2.4.x+Tomcat4.0 + struts1.1, on suse linux7.2 - ): > >1. Is tomcat 4 supposed to be able to distinguish previously >authenticated users from unauthenticated users? > > I assumed the answer to this question is yes because otherwise the >user would have to undergo the entire authentication process repeatedly >for each request that he submits within a single session. > >2. Is tomcat 4 supposed to be able to do the above (i.e. remember a >user's logged-in-ness) regardless of whether his current request was to >a secured resource? (again assume requests are within the same session). > >cheers >jfc > > >-- >To unsubscribe, e-mail: ><mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: ><mailto:[EMAIL PROTECTED]> > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > Right, well I have a situation where point 2 is not working. If I roll my versions back to bundle jb243+tc40, I get the predicted behaviour of which you speak. What version/s are you using? jfc -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
