Caldarale, Charles R wrote:
>> From: Pierrick Terrettaz [mailto:[EMAIL PROTECTED]
>> Subject: realm login and user session are not the same
>>
>> When a user logs in through the realm authentication
>> FORM method in the website, the username and login are
>> well checked but the user comes in with the session of
>> another user with roles of this other user.
>
> This is almost certainly a problem in your webapp. It's usually caused
> by storing request- or session-specific references in the wrong scope
> (e.g., placing a reference to the current request in a servlet instance
> or static field).
>
>  - Chuck
>
We will check in our code if there are any such references.

We are also using a ThreadLocal static reference in a class to store the request.getUserPrincipal() to give the current username to beans which do not have access to the request:

    public final class PrincipalStore {

        private static final ThreadLocal store = new ThreadLocal();

        public static java.security.Principal get() {
            return (java.security.Principal)store.get();
        }

        public static void set(final java.security.Principal principal) {
            store.set(principal);
        }
    }
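
Added example, not part of the original thread and not the poster's code: a static ThreadLocal keeps its value for as long as the worker thread lives, and a servlet container reuses worker threads across requests. The sketch below simulates that reuse with a one-thread executor and shows a stale principal next to the set-then-remove-in-finally pattern; the class name, handler methods and user name are constructed for illustration, and nothing here establishes that this is the cause of the behaviour reported above.

```java
import java.security.Principal;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadLocalLeakDemo {
    // Same role as the PrincipalStore in the message (hypothetical stand-in).
    static final ThreadLocal<Principal> STORE = new ThreadLocal<>();

    // Leaky handling: the principal is set when a user is present and never cleared.
    // user == null models a request on which the set() call was skipped.
    static String handleLeaky(String user) {
        if (user != null) STORE.set(() -> user);
        return name(STORE.get());
    }

    // Hardened handling: whatever was set for this request is removed before
    // the worker thread goes back to the pool.
    static String handleSafe(String user) {
        try {
            if (user != null) STORE.set(() -> user);
            return name(STORE.get());
        } finally {
            STORE.remove();
        }
    }

    static String name(Principal p) {
        return p == null ? "<anonymous>" : p.getName();
    }

    public static void main(String[] args) throws Exception {
        // One worker thread reused for every task, like a pooled container thread.
        ExecutorService worker = Executors.newSingleThreadExecutor();
        try {
            System.out.println("leaky #1: " + worker.submit(() -> handleLeaky("alice")).get());
            // This request sets nothing, but reads what the previous one left behind.
            System.out.println("leaky #2: " + worker.submit(() -> handleLeaky(null)).get());
            worker.submit(STORE::remove).get(); // reset the thread between the two demos
            System.out.println("safe  #1: " + worker.submit(() -> handleSafe("alice")).get());
            System.out.println("safe  #2: " + worker.submit(() -> handleSafe(null)).get());
        } finally {
            worker.shutdown();
        }
    }
}
```

In a webapp the equivalent of `handleSafe` is typically a servlet Filter that sets the value before `chain.doFilter(...)` and removes it in a `finally` block.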