Posted to dev@tomcat.apache.org by Jonathan Pierce <Jo...@seagram.com> on 2002/02/15 23:42:53 UTC

Re[2]:cvs commit: jakarta-tomcat-connectors/jk/java/org/apac

>>No, I did it on purpose.
>>It's a lot better to have the user set the behavior of the connector here.

I don't understand what you mean here. If you want tomcat to authenticate, and
the userid is passed in, your code doesn't call setUserPrincipal.

When the userid passed in is the empty string (not null) and you don't want
Tomcat authentication, your code will set the user principal to an
Ajp13Principal wrapping the empty string and Tomcat will generate the access
denied (403) error when the user hits the page through the connector since the
user principal will not be null, but will also be an invalid empty string
userid.

Did you test this code with the connector?

//  if ((!(((Ajp13Connector) connector).getTomcatAuthentication()))
//          && (ajp.remoteUser() != null)) {
//      setUserPrincipal(new Ajp13Principal(ajp.remoteUser().toString()));
//  } else {
//      setUserPrincipal(null);
//  }




____________________Reply Separator____________________
Subject:    Re:cvs commit: jakarta-tomcat-connectors/jk/java/org/apache/
Author: "Tomcat Developers List" <to...@jakarta.apache.org>
Date:       2/15/2002 2:20 PM

> It looks like you accidentally removed the empty string check needed here for
> ajp.RemoteUser ().
> ajp.RemoteUser () should probably also be checked whether it is null before
> calling toString.

No, I did it on purpose.
It's a lot better to have the user set the behavior of the connector here.
Since you want TC to authenticate the users, you don't have to do anything.
OTOH, if you want the native webserver to authenticate, you should set the
'tomcatAuthentication' attribute to 'false' on the Connector element.

As pointed out by Nacho, it makes the connector predictable.

Also, the check for ajp.remoteUser() being equal to null is there (but
obviously, it's only needed when 'tomcatAuthentication' is false).

Remy


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


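
Added example (not part of the original thread and not Tomcat's code): a stand-alone Java model of the decision discussed above, comparing a version without the empty-string check to one with it for a null, an empty and a non-empty remote user. The class, record and method names are hypothetical; only the 'tomcatAuthentication' setting and the remote-user value come from the thread.

```java
import java.security.Principal;

// Added illustration, not Tomcat source: models the principal decision
// discussed in this thread with hypothetical names.
public class RemoteUserDecision {

    // Hypothetical stand-in for the Ajp13Principal named in the thread.
    record NamedPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Variant without the empty-string check: any non-null remote user
    // becomes a principal when Tomcat authentication is turned off.
    static Principal withoutEmptyCheck(boolean tomcatAuthentication, String remoteUser) {
        if (!tomcatAuthentication && remoteUser != null) {
            return new NamedPrincipal(remoteUser);
        }
        return null;
    }

    // Variant with the check: a null or empty user id is treated as
    // "no authenticated user" instead of a principal with an empty name.
    static Principal withEmptyCheck(boolean tomcatAuthentication, String remoteUser) {
        if (tomcatAuthentication || remoteUser == null || remoteUser.isEmpty()) {
            return null;
        }
        return new NamedPrincipal(remoteUser);
    }

    static String describe(Principal p) {
        return p == null ? "null" : "Principal(\"" + p.getName() + "\")";
    }

    public static void main(String[] args) {
        // Constructed inputs: user id absent, empty, and present.
        String[] users = { null, "", "alice" };
        for (boolean tomcatAuth : new boolean[] { true, false }) {
            for (String user : users) {
                System.out.printf("tomcatAuthentication=%-5b remoteUser=%-7s without=%-18s with=%s%n",
                        tomcatAuth, user == null ? "null" : "\"" + user + "\"",
                        describe(withoutEmptyCheck(tomcatAuth, user)),
                        describe(withEmptyCheck(tomcatAuth, user)));
            }
        }
    }
}
```

The two variants differ only in the row with tomcatAuthentication=false and an empty remote user, which is the case the message above raises.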