On 17/01/2019 14:06, Tim K wrote: > On Thu, Jan 17, 2019, 8:09 AM Mark Thomas <ma...@apache.org wrote: > >> On 17/01/2019 12:46, Tim K wrote: >>> When I dump the session object of an authenticated (JNDIRealm) user on my >>> local dev environment versus my development server, for some reason >>> the javax.security.auth.subject shows up on the dev server but not my >>> local. I also spun up a docker container with pretty much default tomcat >>> config and javax.security.auth.subject doesn't show up in the session >>> object there either. My code is exactly the same in all envs, is there >>> something within tomcat configuration which would determine if >>> javax.security.auth.subject is added to the session object? I can't >> figure >>> out the difference why it's on one instance but not the other. >> >> At a guess, the development server is running under a SecurityManager >> whereas the other environments are not. >> >> Mark >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org > > > Thank you! You are correct; I had disabled security locally because the > eclipse paths were much different than the servers so I just disabled it to > get it running locally. I presume this value in the session for the > javax.security.auth.subject is consistent as long as security is enabled?
Yes, see: https://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?view=annotate#l1941 Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
