Andreas Mohrig wrote: >I'm using Tomcat/4.0.4 with Apache 1.3.26 (mod_jk) on SuSE Linux 7.3 >(without JBoss or struts). > >Do you really get responses with the same session-id, but different results >of getRemoteUser()? > >Andreas Mohrig >-----Original Message----- >From: jfc [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, August 21, 2002 7:15 PM >To: Tomcat Users List >Subject: Re: tomcat4 + declarative security > > >Andreas Mohrig wrote: > >>The answers are "yes" and "yes". You can determine the user's >>"logged-in-ness" with a call to "request.getRemoteUser()", which should >>return "null" if he is not and his name (login) otherwise. This should >>always be the case, regardless of the currently requested resource having a >>security-constraint or nor, but of course a login will only be demanded if >>it has such a constraint. >> >>If you experience different behaviour, I will surely be interested to learn >>about it. >> >>Andreas Mohrig >>-----Original Message----- >>From: jfc [mailto:[EMAIL PROTECTED]] >>Sent: Wednesday, August 21, 2002 1:26 PM >>To: [EMAIL PROTECTED] >>Subject: tomcat4 + declarative security >> >> >>Hi, >> >>I have two questions regarding declarative security ( I use >>JBoss2.4.x+Tomcat4.0 + struts1.1, on suse linux7.2 - ): >> >>1. Is tomcat 4 supposed to be able to distinguish previously >>authenticated users from unauthenticated users? >> >> I assumed the answer to this question is yes because otherwise the >>user would have to undergo the entire authentication process repeatedly >>for each request that he submits within a single session. >> >>2. Is tomcat 4 supposed to be able to do the above (i.e. remember a >>user's logged-in-ness) regardless of whether his current request was to >>a secured resource? (again assume requests are within the same session). >> >>cheers >>jfc >> >> >>-- >>To unsubscribe, e-mail: >><mailto:[EMAIL PROTECTED]> >>For additional commands, e-mail: >><mailto:[EMAIL PROTECTED]> >> >>-- >>To unsubscribe, e-mail: >> ><mailto:[EMAIL PROTECTED]> > >>For additional commands, e-mail: >> ><mailto:[EMAIL PROTECTED]> > >> >Right, well I have a situation where point 2 is not working. If I roll >my versions back to bundle jb243+tc40, I get the predicted behaviour of >which you speak. > >What version/s are you using? > >jfc > > > >-- >To unsubscribe, e-mail: ><mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: ><mailto:[EMAIL PROTECTED]> > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > The answer is yes.
Can I email you my tomcat 'demo-auth-prob' war file?(which utilizes users.properties and roles.properties - so it shows the problem without referring to jboss). If you need the src, I can email it too. jfc -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
