Chris,
Sorry about that. The text came off of a classified system. The easiest way
for me to get it you, without going through a lot of hoops, was to print it,
make sure it's clean, scan it, and attach it to a file. Unfortunately I don’t
have any character recognition software handy, so I'll type it in:
server.xml:
...
<Realm className="org.apache.catalina.realm.JDNIRealm"
debug="99"
connectionURL="ldap://193.10.1.172:389/";
userPattern="uid={0},ou=People,dc=aes,dc=com"
roleBase="ou=group,dc=aes,dc=com"
roleName="cn"
roleSearch="memberUid=[1]"
/>
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
...
web.xml:
...
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tgirs</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>owd</role-name>
</security-role>
...
The best way to characterize the behavior is that null or the correct user name
is randomly returned and true or false is randomly return (unless the server is
freshly restarted). I don't believe it’s a problem with the JavaScript or DWR
interface, because I log out the values returned by the Java methods, and they
are the same. My Java methods are just pass-throughs to the
javax.servlet.http.HttpServletRequest interface.
Doug
-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Monday, January 25, 2010 2:38 PM
To: Tomcat Users List
Subject: Re: Return from getRemoteUser and isUserInRole Inconsistent
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Doug,
On 1/25/2010 4:59 PM, Fulford, William wrote:
> Attached are the relevant sections from the server.xml and web.xml,
> respectively.
This mailing list often strips attachments. Could you copy/paste
relevant sections into your next post? It's important to know what
authentication you are using and what the security constraints look
like. It would also be nice to see a few examples of URLs that your web
pages are trying to access.
> I'm using DWR to call Java methods in HttpServletInfo (a class I
> wrote) from a JavaScript using ExtJs:
>
> ...
>
> HttpServletInfo.getRemoteUser(function(user) { ... };
>
> ...
>
> HttpServletInfo.isUserInRole("tgirs", function(isInRole) { ... };
>
> ...
The above doesn't have any information that's really useful to me, at
least not now. :(
> These are called every time my page is loaded (Ext.onReady).
>
> I've tried with or without restarting Firefox, with or without
> restarting Tomcat, and via <ctrl>-<shift> Reload (Reload that clears
> private data). The only consistency is that, after restarting
> Tomcat, the user name is returned, and isInRole is false. Otherwise
> the results are inconsistent.
So, the function HttpServletInfo.getRemoteUser above returns
inconsistent results, or HttpServletRequest.getRemoteUser returns
inconsistent results?
...and if you just sit on the same page, repeatedly reloading the page,
HttpServletRequest.getRemoteUser and HttpServletRequest.isUserInRole
(for the same value every time) return essentially random results?
If it's the functions above that return random stuff, I'd look at those.
If it's Tomcat's implementation of those methods that appears to be
broken, then we'd have a lot of users out there storming the castle with
torches and pitchforks.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkteHSoACgkQ9CaO5/Lv0PBATQCeP4jBBqXuMOA18ePdejyUbcqR
N28AoJcWuvnpAJYCK2V7zhmz7iRSYaeI
=w7CV
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
