Looking at the bug report, it looks like this issue was resolved in
Apache Tomcat 6.0.24. It doesn't show as closed. We did a preliminary
test and appears it was fixed in 6.0.24, but we want to be absolutely
certain, as the consequences are dire. Was this fixed for linux in
6.0.24 (and beyond)?
Has anybody implemented user authentication, using Tomcat (6.0) realms,
via standard old-school Unix passwd files? I've already implemented
JDNIRealm (LDAP) authentication, but some of our sites aren't using LDAP
yet.
Doug Fulford
Software Engineering Specialist
(626)812-2248
Chuck,
You caught me. Rookie mistake. It's refreshing to know I can still make
rookie mistakes after almost 30 years in software. What I did was do a
WebContextFactory.get() on class initialization as a private static variable.
I should have been doing the get on each call.
Thanks,
Doug
-
..@christopherschultz.net]
Sent: Monday, January 25, 2010 2:38 PM
To: Tomcat Users List
Subject: Re: Return from getRemoteUser and isUserInRole Inconsistent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Doug,
On 1/25/2010 4:59 PM, Fulford, William wrote:
> Attached are the relevant sections f
om getRemoteUser and isUserInRole Inconsistent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Doug,
On 1/25/2010 3:35 PM, Fulford, William wrote:
> I'm using Tomcat 6.0 with Firefox 3.0.12 and JNDIRealm for
> authentication. When I call HttpServletRequest.getRemoteUser() and
> HttpSe
I'm using Tomcat 6.0 with Firefox 3.0.12 and JNDIRealm for
authentication. When I call HttpServletRequest.getRemoteUser() and
HttpServletRequest.isUserInRole(), I get inconsistent results.
Sometimes I get null for user and other times I get the user name.
Sometimes I get false for isUserInRole() a
