You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "LiWenQin (JIRA)" <ji...@apache.org> on 2010/12/21 08:05:00 UTC
[jira] Created: (GERONIMO-5738) The value of
HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after
HttpServletRequest.logout() invokes
The value of HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after HttpServletRequest.logout() invokes
---------------------------------------------------------------------------------------------------------------------------
Key: GERONIMO-5738
URL: https://issues.apache.org/jira/browse/GERONIMO-5738
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: security
Affects Versions: 3.0
Reporter: LiWenQin
Priority: Minor
Fix For: 3.0
Run the testsuite\javaee6-testsuite\servlet3.0-security-test of G3.0.
1 test fails because of the value of HttpServletRequest.getRemoteUser()&getUserPrincipal() are NOT null (in fact , values are both "george")after HttpServletRequest.logout() invokes.
Since the value should be null according to the HttpServletRequest API, it is a bug needs to fix on server.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-5738) The value of
HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after
HttpServletRequest.logout() invokes
Posted by "LiWenQin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
LiWenQin updated GERONIMO-5738:
-------------------------------
Attachment: ServletException-JETTY.txt
> The value of HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after HttpServletRequest.logout() invokes
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-5738
> URL: https://issues.apache.org/jira/browse/GERONIMO-5738
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 3.0
> Reporter: LiWenQin
> Priority: Minor
> Fix For: 3.0
>
> Attachments: ServletException-JETTY.txt
>
>
> Run the testsuite\javaee6-testsuite\servlet3.0-security-test of G3.0.
> 1 test fails because of the value of HttpServletRequest.getRemoteUser()&getUserPrincipal() are NOT null (in fact , values are both "george")after HttpServletRequest.logout() invokes.
> Since the value should be null according to the HttpServletRequest API, it is a bug needs to fix on server.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] [Assigned] (GERONIMO-5738) The value of
HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after
HttpServletRequest.logout() invokes
Posted by "Shenghao Fang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shenghao Fang reassigned GERONIMO-5738:
---------------------------------------
Assignee: Shenghao Fang
> The value of HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after HttpServletRequest.logout() invokes
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-5738
> URL: https://issues.apache.org/jira/browse/GERONIMO-5738
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 3.0
> Reporter: LiWenQin
> Assignee: Shenghao Fang
> Priority: Minor
> Fix For: 3.0
>
> Attachments: ServletException-JETTY.txt, tomcat-getRemoteUser(),getUserPrincipal()-ERROR.png
>
>
> Run the testsuite\javaee6-testsuite\servlet3.0-security-test of G3.0.
> 1 test fails because of the value of HttpServletRequest.getRemoteUser()&getUserPrincipal() are NOT null (in fact , values are both "george")after HttpServletRequest.logout() invokes.
> Since the value should be null according to the HttpServletRequest API, it is a bug needs to fix on server.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (GERONIMO-5738) The value of
HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after
HttpServletRequest.logout() invokes
Posted by "Tina Li (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tina Li closed GERONIMO-5738.
-----------------------------
Problem fixed.
> The value of HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after HttpServletRequest.logout() invokes
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-5738
> URL: https://issues.apache.org/jira/browse/GERONIMO-5738
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 3.0
> Reporter: LiWenQin
> Assignee: Shenghao Fang
> Priority: Minor
> Fix For: 3.0
>
> Attachments: GERONIMO-5738-Tomcat.patch, ServletException-JETTY.txt, tomcat-getRemoteUser(),getUserPrincipal()-ERROR.png
>
>
> Run the testsuite\javaee6-testsuite\servlet3.0-security-test of G3.0.
> 1 test fails because of the value of HttpServletRequest.getRemoteUser()&getUserPrincipal() are NOT null (in fact , values are both "george")after HttpServletRequest.logout() invokes.
> Since the value should be null according to the HttpServletRequest API, it is a bug needs to fix on server.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-5738) The value of
HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after
HttpServletRequest.logout() invokes
Posted by "LiWenQin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12975960#action_12975960 ]
LiWenQin commented on GERONIMO-5738:
------------------------------------
In geronimo-tomcat7-javaee6-3.0-SNAPSHOT, the problem is the same to the "Description" part.
In geronimo-jetty8-javaee6-3.0-SNAPSHOT, There is a ServletException when calling HttpServletRequest.login(userName, password) method.
Please see details printStackTrace() INFO in the attachment.
> The value of HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after HttpServletRequest.logout() invokes
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-5738
> URL: https://issues.apache.org/jira/browse/GERONIMO-5738
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 3.0
> Reporter: LiWenQin
> Priority: Minor
> Fix For: 3.0
>
>
> Run the testsuite\javaee6-testsuite\servlet3.0-security-test of G3.0.
> 1 test fails because of the value of HttpServletRequest.getRemoteUser()&getUserPrincipal() are NOT null (in fact , values are both "george")after HttpServletRequest.logout() invokes.
> Since the value should be null according to the HttpServletRequest API, it is a bug needs to fix on server.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-5738) The value of
HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after
HttpServletRequest.logout() invokes
Posted by "LiWenQin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
LiWenQin updated GERONIMO-5738:
-------------------------------
Attachment: tomcat-getRemoteUser(),getUserPrincipal()-ERROR.png
Picture displays the error info
> The value of HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after HttpServletRequest.logout() invokes
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-5738
> URL: https://issues.apache.org/jira/browse/GERONIMO-5738
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 3.0
> Reporter: LiWenQin
> Priority: Minor
> Fix For: 3.0
>
> Attachments: ServletException-JETTY.txt, tomcat-getRemoteUser(),getUserPrincipal()-ERROR.png
>
>
> Run the testsuite\javaee6-testsuite\servlet3.0-security-test of G3.0.
> 1 test fails because of the value of HttpServletRequest.getRemoteUser()&getUserPrincipal() are NOT null (in fact , values are both "george")after HttpServletRequest.logout() invokes.
> Since the value should be null according to the HttpServletRequest API, it is a bug needs to fix on server.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-5738) The value of
HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after
HttpServletRequest.logout() invokes
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12973516#action_12973516 ]
David Jencks commented on GERONIMO-5738:
----------------------------------------
Is this with tomcat, jetty, or both?
> The value of HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after HttpServletRequest.logout() invokes
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-5738
> URL: https://issues.apache.org/jira/browse/GERONIMO-5738
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 3.0
> Reporter: LiWenQin
> Priority: Minor
> Fix For: 3.0
>
>
> Run the testsuite\javaee6-testsuite\servlet3.0-security-test of G3.0.
> 1 test fails because of the value of HttpServletRequest.getRemoteUser()&getUserPrincipal() are NOT null (in fact , values are both "george")after HttpServletRequest.logout() invokes.
> Since the value should be null according to the HttpServletRequest API, it is a bug needs to fix on server.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] [Updated] (GERONIMO-5738) The value of
HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after
HttpServletRequest.logout() invokes
Posted by "Shenghao Fang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shenghao Fang updated GERONIMO-5738:
------------------------------------
Attachment: GERONIMO-5738-Tomcat.patch
The patch for Tomcat is available, please help to review.
A bug was reported to Jetty regarding this issue:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=343472
> The value of HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after HttpServletRequest.logout() invokes
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-5738
> URL: https://issues.apache.org/jira/browse/GERONIMO-5738
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 3.0
> Reporter: LiWenQin
> Assignee: Shenghao Fang
> Priority: Minor
> Fix For: 3.0
>
> Attachments: GERONIMO-5738-Tomcat.patch, ServletException-JETTY.txt, tomcat-getRemoteUser(),getUserPrincipal()-ERROR.png
>
>
> Run the testsuite\javaee6-testsuite\servlet3.0-security-test of G3.0.
> 1 test fails because of the value of HttpServletRequest.getRemoteUser()&getUserPrincipal() are NOT null (in fact , values are both "george")after HttpServletRequest.logout() invokes.
> Since the value should be null according to the HttpServletRequest API, it is a bug needs to fix on server.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (GERONIMO-5738) The value of
HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after
HttpServletRequest.logout() invokes
Posted by "Shenghao Fang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shenghao Fang resolved GERONIMO-5738.
-------------------------------------
Resolution: Fixed
Regression: [Regression]
Patch has been committed.
> The value of HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after HttpServletRequest.logout() invokes
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-5738
> URL: https://issues.apache.org/jira/browse/GERONIMO-5738
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 3.0
> Reporter: LiWenQin
> Assignee: Shenghao Fang
> Priority: Minor
> Fix For: 3.0
>
> Attachments: GERONIMO-5738-Tomcat.patch, ServletException-JETTY.txt, tomcat-getRemoteUser(),getUserPrincipal()-ERROR.png
>
>
> Run the testsuite\javaee6-testsuite\servlet3.0-security-test of G3.0.
> 1 test fails because of the value of HttpServletRequest.getRemoteUser()&getUserPrincipal() are NOT null (in fact , values are both "george")after HttpServletRequest.logout() invokes.
> Since the value should be null according to the HttpServletRequest API, it is a bug needs to fix on server.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira