You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2004/08/24 15:35:49 UTC

DO NOT REPLY [Bug 30814] - Management of the principal in the function org.apache.catalina.security.SecurityUtil.execute()

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=30814>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=30814

Management of the principal in the function org.apache.catalina.security.SecurityUtil.execute()

jfarcand@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME



------- Additional Comments From jfarcand@apache.org  2004-08-24 13:35 -------
I think you missed that part of the code:

   1679     /**
   1680      * Set the Principal who has been authenticated for this Request.  This
   1681      * value is also used to calculate the value to be returned by the
   1682      * <code>getRemoteUser()</code> method.
   1683      *
   1684      * @param principal The user Principal
   1685      */
   1686     public void setUserPrincipal(Principal principal) {
   1687
   1688         if (System.getSecurityManager() != null){
   1689             HttpSession session = getSession(false);
   1690             if ( (subject != null) &&
   1691                  (!subject.getPrincipals().contains(principal)) ){
   1692                 subject.getPrincipals().add(principal);
   1693             } else if (session != null &&
   1694                         session.getAttribute(Globals.SUBJECT_ATTR) ==
null) {
   1695                 subject = new Subject();
   1696                 subject.getPrincipals().add(principal);
   1697             }
   1698             if (session != null){
   1699                 session.setAttribute(Globals.SUBJECT_ATTR, subject);
   1700             }
   1701         }
   1702
   1703         this.userPrincipal = principal;
   1704     }

This code snippet is from CoyoteRequest. Everytime the principal is discovered,
it is added to the Subject. 

I'm closing the bug, but fell free to re-open it with a test case if you have one .

Thanks

-- Jeanfrancois

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org