On Thu, Jan 17, 2019, 8:09 AM Mark Thomas <ma...@apache.org wrote: > On 17/01/2019 12:46, Tim K wrote: > > When I dump the session object of an authenticated (JNDIRealm) user on my > > local dev environment versus my development server, for some reason > > the javax.security.auth.subject shows up on the dev server but not my > > local. I also spun up a docker container with pretty much default tomcat > > config and javax.security.auth.subject doesn't show up in the session > > object there either. My code is exactly the same in all envs, is there > > something within tomcat configuration which would determine if > > javax.security.auth.subject is added to the session object? I can't > figure > > out the difference why it's on one instance but not the other. > > At a guess, the development server is running under a SecurityManager > whereas the other environments are not. > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org
Thank you! You are correct; I had disabled security locally because the eclipse paths were much different than the servers so I just disabled it to get it running locally. I presume this value in the session for the javax.security.auth.subject is consistent as long as security is enabled?
