Posted to dev@tomcat.apache.org by bu...@apache.org on 2008/01/11 15:07:49 UTC

DO NOT REPLY [Bug 44209] New: - JAASRealm loses credentials - principal=null

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=44209>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44209

           Summary: JAASRealm loses credentials - principal=null
           Product: Tomcat 5
           Version: 5.5.23
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P1
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: nicolaou@netinfo.com.cy


I have a Tomcat 5.5.23 running on a Linux machine communicating with EJBs on a
JBoss server on another Linux machine.

I have lots of users connecting on the system and I get lots of errors in the
jboss authentication module saying that the principal received from tomcat is
null. This occurs after the user has logged in and after he/she successfully
managed to call the server multiple times without any problems. It seems that
sometimes the tomcat JAAS module loses the principal of the LoginContext. I have
not managed to figure out when this happens but when this occurs the user has to
log out and log in again.

I have also noticed something else that is weird. When the above scenario occurs
the next user that tries to log in is picking up the invalid LoginContext that
has a null principal. I managed to reproduce this by doing a LoginContext.login
with invalid credentials and tried to access a server function in order to
receive an authentication exception from the server. When this happens I do not
log out the context. I then try opening a new session with a new browser and
accessing a function with @PermitAll only to find out that tomcat picked up the
invalid loginContext of the other session and tries to validate the user using
the invalid credentials.

Any help will be appreciated.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


DO NOT REPLY [Bug 44209] - JAASRealm loses credentials - principal=null

Posted by bu...@apache.org.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44209


markt@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




------- Additional Comments From markt@apache.org  2008-01-13 09:26 -------
Without the steps to reproduce this there isn't much we can do.

If you have multiple, clustered Tomcats with replicated sessions then the null
Principal may be caused by bug 43840 (assuming it also applies to 5.5.x - I
haven't checked).

You might also want to check with your JBoss support. This issue could be
related to the JBoss/Tomcat integration.

I am closing this as INVALID since there are no steps to reproduce the issue and
it isn't clear if this is a Tomcat or JBoss issue. Please feel free to re-open
this issue if you are able to generate a test case or if a fix for 43840 in
Tomcat 5.5 is required.
