You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Ognjen Blagojevic <og...@etf.bg.ac.rs> on 2010/03/24 14:59:44 UTC

Adding support for Spring security users to guessed user list

Hi developers,

I have one micro request for Tomcat manager application.

Manager application can display active sessions, with the most relevant 
data for that session (session id, TTL, last accessed time, TTL and so 
on). Guessed username is one of the columns. AFAICS in the code 
(SessionUtils.java) username is guessed from the request attributes that 
are listed in the array USER_TEST_ATTRIBUTES.

Can we add attribute "SPRING_SECURITY_LAST_USERNAME" to that array, so 
the users that are using Spring security for authentication may also see 
the username for the displayed session? (I already tested this, and it 
works fine.)

If yes, what are next steps? Should I open JIRA and provide patch? Or 
maybe that is not necessary, since it is a smallest possible modification.

Regards,
Ognjen

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: Adding support for Spring security users to guessed user list

Posted by Ognjen Blagojevic <og...@etf.bg.ac.rs>.

Mark Thomas wrote:
>> Can we add attribute "SPRING_SECURITY_LAST_USERNAME" to that array, so
>> the users that are using Spring security for authentication may also see
>> the username for the displayed session? (I already tested this, and it
>> works fine.)
...
> I've applied the change to trunk for 7.0.x and proposed the change for
> 6.0.x.

That was fast. :) Thank you, Mark.

-Ognjen

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: Adding support for Spring security users to guessed user list

Posted by Mark Thomas <ma...@apache.org>.

On 24/03/2010 13:59, Ognjen Blagojevic wrote:
> Hi developers,
> 
> I have one micro request for Tomcat manager application.
> 
> Manager application can display active sessions, with the most relevant
> data for that session (session id, TTL, last accessed time, TTL and so
> on). Guessed username is one of the columns. AFAICS in the code
> (SessionUtils.java) username is guessed from the request attributes that
> are listed in the array USER_TEST_ATTRIBUTES.
> 
> Can we add attribute "SPRING_SECURITY_LAST_USERNAME" to that array, so
> the users that are using Spring security for authentication may also see
> the username for the displayed session? (I already tested this, and it
> works fine.)
> 
> If yes, what are next steps? Should I open JIRA and provide patch? Or
> maybe that is not necessary, since it is a smallest possible modification.

JIRA won't get you very far. Tomcat uses Bugzilla :)

I've applied the change to trunk for 7.0.x and proposed the change for
6.0.x.

Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org