I believe that during restart of a context, all sessions get serialized to disk. but the serialization does not serialize the principal. You can try to file a bug for this, but I might be afraid that it may get shutdown because of security concerns
Filip > -----Original Message----- > From: Dan Allen [mailto:[EMAIL PROTECTED] > Sent: Tuesday, April 01, 2003 10:32 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: JDBCrealm drops user after manager reload > > > I am having a fairly painful problem here dealing with > authentication using the JDBCReam and container managed security. > In particular I am using securityfilter, but I seriously doubt that > this problem involves that application directly. > > If I use the default SecurityRealm that comes with the security > filter application, which just manual sets the userInRole and > getRemoteUser information, I can reload the context over and over > and never drop the user. When I use JDBCReam to handle users in a > database and I reload the context after logging in all the active > sessions loose their security principals and roles. The thing is, > all the session data is still there, working as normal. I get no > messages in the log files regarding a failure of any kind. > > In short: > > Why does a context reload kill the user principal information and > how can I fix it? > > To duplication: > > Grab securityfilter from securityfilter.sourceforge.net Log in out > of the box, reload the context and view the securePage.jsp again. > No problem. Now, change the realm to JDBCRealm, login, reload > the context and visit the securePage.jsp...aha, now it says you are > not logged in and takes you to the login page. > > Dan > > -- > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > Daniel Allen, <[EMAIL PROTECTED]> > http://www.mojavelinux.com/ > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > "This is a test of the Emergency Broadcast System. If this had > been an actual emergency, do you really think we'd stick around > to tell you?" > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
