Chris, Good question on the version. But I'm not sure how to tell. Both servers are in a directory named Tomcat 7.0. But I can't remember if that was the default or if I forced that name. Where can I look in the install directory to find the version? I do know that I installed both servers around the first of December 2011. I haven't updated since then.
You mentioned there were some known problems with using getUserPrincipal(). It might be related. However, I was only using getUserPrincipal() for debug purposes to show whether I was logged on or not. The real symptom of the problem was after logging on successfully and redirecting to another page, the login form page pops up forcing a second login. If it's all tied together, then fine. But if the problem you referenced only had to do with results of getUserPrincipal and nothing else, I doubt it is related to my problem. If there is a newer version since December, and there are known fixes in this area, I'll go ahead and upgrade. But I really don't want to update and risk more instability unless there is reason to believe upgrading will fix the problem. Suggestions? Thx On Wed, Apr 4, 2012 at 7:49 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Jerry, > > On 4/4/12 5:31 PM, Jerry Malcolm wrote: > > I am using TC 7.0 on a couple of servers. > > 7.0.what? > > There have been a bunch of questions about authentication and > authorization lately involving a (somewhat) recent change when > resources aren't protected buy a <security-constraint> and are calling > request.getPrincipal(). > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk987CwACgkQ9CaO5/Lv0PD9cgCgnzLbeVE97a+vPw0SWsafDpCT > e9sAoKYPJWqf86mkd7JtbBNDkrv2Wuwb > =K8KQ > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
