DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=30814>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=30814 Management of the principal in the function org.apache.catalina.security.SecurityUtil.execute() [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WORKSFORME | ------- Additional Comments From [EMAIL PROTECTED] 2004-08-24 18:20 ------- Hi, Maybe I do not understand my problem, but this is what’s happening, I think: - One application is protected with the Form authentication, - When user accessing to the login form, the session is created (without the subject) and the application’s filters are invoked, - If the filter is not last in the chain, hi will call SecurityUtil.execute without the principal, - The function SecurityUtil.execute will create the subject (error!), but will not add the principal to the subject (principal is null), - The newly created subject is added to the session (error!), - After the authentication, the user access to the application, - The application is executed (SecurityUtil.execute ) with good principal, but the subject is already in the session and the function execute will not add the parameter principal to the subject in the session. I’m sorry for my English and I’m little confused with Tomcat, too. P.S.: I’m not sure if it is good idea to add the principal passed as argument to the subject in the session if that principal is not already in the subject! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
