I recently attempted to upgrade our sites from tomcat 5.5.17, and at some point the behavior of request.getUserPrincipal() changed so it now returns null for all URLs except those declared to require authentication. (Actually, it seems like the behavior was changed long before 5.5.17, but regressed then was fixed again). That completely sucks and seems completely contrary to what the servlet javadoc implies, but whatever, deal with it or write my own container, I guess.
The standard workaround mentioned is to place user information in session, but that won't work across webapps using Single Sign On. I have a bunch of webapps, only one of which is protected and requires login, the rest work fine without logging in, but display different information when the user is logged in. This worked great when getUserPrincipal returned a Principal on every URL after login, but I can't figure out any way to do it now. I can just pass the userid around in every URL, but that seems... not good... and involves changing a lot of links. Is there any way of seeing if a user has been authenticated (and get their username) that works across webapps? --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
