You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2004/08/24 15:35:49 UTC
DO NOT REPLY [Bug 30814] -
Management of the principal in the function org.apache.catalina.security.SecurityUtil.execute()
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=30814>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=30814
Management of the principal in the function org.apache.catalina.security.SecurityUtil.execute()
jfarcand@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
------- Additional Comments From jfarcand@apache.org 2004-08-24 13:35 -------
I think you missed that part of the code:
1679 /**
1680 * Set the Principal who has been authenticated for this Request. This
1681 * value is also used to calculate the value to be returned by the
1682 * <code>getRemoteUser()</code> method.
1683 *
1684 * @param principal The user Principal
1685 */
1686 public void setUserPrincipal(Principal principal) {
1687
1688 if (System.getSecurityManager() != null){
1689 HttpSession session = getSession(false);
1690 if ( (subject != null) &&
1691 (!subject.getPrincipals().contains(principal)) ){
1692 subject.getPrincipals().add(principal);
1693 } else if (session != null &&
1694 session.getAttribute(Globals.SUBJECT_ATTR) ==
null) {
1695 subject = new Subject();
1696 subject.getPrincipals().add(principal);
1697 }
1698 if (session != null){
1699 session.setAttribute(Globals.SUBJECT_ATTR, subject);
1700 }
1701 }
1702
1703 this.userPrincipal = principal;
1704 }
This code snippet is from CoyoteRequest. Everytime the principal is discovered,
it is added to the Subject.
I'm closing the bug, but fell free to re-open it with a test case if you have one .
Thanks
-- Jeanfrancois
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org