DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=30602>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=30602 Subject is not available during the first call to the servlet which use the basic authentication Summary: Subject is not available during the first call to the servlet which use the basic authentication Product: Tomcat 5 Version: 5.0.27 Platform: All OS/Version: Other Status: NEW Severity: Critical Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Hi, I’m using jakarta-tomcat-5.0.27-src and Windows XP. I made a servlet that print current subject principals (authenticated user). The servlet code is: <code> private void doQuery( HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<HTML>"); out.println("<HEAD>"); out.println("<TITLE>TestServletProtected</TITLE>"); out.println("<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">"); out.println("<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">"); out.println("</HEAD>"); out.println("<BODY>"); out.println("<br>"); out.println(request.getAuthType()); out.println("</br>"); out.println("<br>"); out.println(request.getRemoteUser()); out.println("</br>"); out.println("<br>"); out.println(request.getUserPrincipal()); out.println("</br>"); out.println("<br>"); out.println(request.isUserInRole("tomcat")); out.println("</br>"); out.println("<br>"); out.println(request.isUserInRole("admin")); out.println("</br>"); Subject subject = Subject.getSubject(AccessController.getContext()); out.println("<br>"); out.println(subject); out.println("</br>"); subject = (Subject) request.getSession(true).getAttribute( "javax.security.auth.subject"); out.println("<br>"); out.println(subject); out.println("</br>"); out.println("</BODY>"); out.println("</BODY>"); out.println("</HTML>"); out.close(); } </code> The first time I call this servlet I get: BASIC tomcat GenericPrincipal[tomcat(admin,manager,tomcat,)] true true null null The next time I get: BASIC tomcat GenericPrincipal[tomcat(admin,manager,tomcat,)] true true Subject: Principal: GenericPrincipal[tomcat(admin,manager,tomcat,)] Subject: Principal: GenericPrincipal[tomcat(admin,manager,tomcat,)] I found that SecurityUtil.execute trying to find the subject in the current session, but because the session is not been created yet, the subject passed to the function Subject.doAsPrivileged is null. When I changed the code in the function SecurityUtil.execute to: // The first argument is always the request object if (targetArguments != null && targetArguments[0] instanceof HttpServletRequest){ HttpServletRequest request = (HttpServletRequest)targetArguments[0]; HttpSession session = request.getSession(false); if (session != null){ subject = (Subject)session.getAttribute(Globals.SUBJECT_ATTR); } if ((subject == null) && (principal != null)){ subject = new Subject(); subject.getPrincipals().add(principal); if(session != null) { session.setAttribute(Globals.SUBJECT_ATTR, subject); } } } Everything looks OK except that the subject is not in the session (request.getSession(true).getAttribute( "javax.security.auth.subject"); return null). --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
