Hello, I'm seeing something wierd with 4.1.24. If I access an unprotected resource after I am authenticated, I receive null from getUserPrincipal(). I am using the Coyote Http 1.1 connector, although I've tried it with the old catalina Http 1.1 connector.
Here's the test case: 1) access the unprotected servlet first you'll see "testing unprotected servlet. user is null" using either: http://localhost:8083/testing/unprotected or http://localhost:8080/testing/unprotected 2) access the protected servlet, you'll be challenged with the basic auth dialog and then see: "testing protected servlet. user is GenericPrincipal[tomcat]" using either: http://localhost:8083/testing/protected or http://localhost:8080/testing/protected 3) access the unprotected servlet, I still see: "testing unprotected servlet. user is null" access it the same as in #1 This should return the same as #2, but it doesn't. Can someone explain why?? and How can I workaround this problem?? I've been searching on the web, but www.mail-archive appears to be down. Brian Using Tomcat 4.1.24 standalone with the memory realm. Here's my abbreviated conf/tomcat-users.xml: <?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="editor"/> <user username="tomcat" password="tomcat" roles="editor"/> </tomcat-users> The get methods of my two servlets (protected and unprotected) unprotected servlet's doGet: PrintWriter out = res.getWriter(); out.println("testing unprotected servlet"); out.print("user is "); Principal p = req.getUserPrincipal(); out.print(p); protected servlet's doGet: PrintWriter out = res.getWriter(); out.println("testing protected servlet"); out.print("user is "); Principal p = req.getUserPrincipal(); out.print(p); Here's my web.xml file: <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"; > <web-app> <display-name>testing</display-name> <description>Test Unsecured Pages App</description> <servlet> <servlet-name>protected</servlet-name> <servlet-class>com.paraware.test.TestServlet</servlet-class> </servlet> <servlet> <servlet-name>unprotected</servlet-name> <servlet-class>com.paraware.test.TestServlet2</servlet-class> </servlet> <servlet-mapping> <servlet-name>protected</servlet-name> <url-pattern>/protected</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>unprotected</servlet-name> <url-pattern>/unprotected</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> <web-resource-name>Secure Servlets</web-resource-name> <description>Files secured for testing</description> <url-pattern>/protected</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <description>Editors</description> <role-name>editor</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> <security-role> <description>Page Editors</description> <role-name>editor</role-name> </security-role> </web-app> And from the server.xml: <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8080" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="100" debug="4" connectionTimeout="20000" useURIValidationHack="false" disableUploadTimeout="true" /> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8009" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="10" debug="0" connectionTimeout="0" useURIValidationHack="false" protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/> <Connector className="org.apache.catalina.connector.http.HttpConnector" port="8083" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="10" debug="0" /> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
