You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Ognjen Blagojevic <og...@etf.bg.ac.rs> on 2010/03/24 14:59:44 UTC
Adding support for Spring security users to guessed user list
Hi developers,
I have one micro request for Tomcat manager application.
Manager application can display active sessions, with the most relevant
data for that session (session id, TTL, last accessed time, TTL and so
on). Guessed username is one of the columns. AFAICS in the code
(SessionUtils.java) username is guessed from the request attributes that
are listed in the array USER_TEST_ATTRIBUTES.
Can we add attribute "SPRING_SECURITY_LAST_USERNAME" to that array, so
the users that are using Spring security for authentication may also see
the username for the displayed session? (I already tested this, and it
works fine.)
If yes, what are next steps? Should I open JIRA and provide patch? Or
maybe that is not necessary, since it is a smallest possible modification.
Regards,
Ognjen
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Adding support for Spring security users to guessed user list
Posted by Ognjen Blagojevic <og...@etf.bg.ac.rs>.
Mark Thomas wrote:
>> Can we add attribute "SPRING_SECURITY_LAST_USERNAME" to that array, so
>> the users that are using Spring security for authentication may also see
>> the username for the displayed session? (I already tested this, and it
>> works fine.)
...
> I've applied the change to trunk for 7.0.x and proposed the change for
> 6.0.x.
That was fast. :) Thank you, Mark.
-Ognjen
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Adding support for Spring security users to guessed user list
Posted by Mark Thomas <ma...@apache.org>.
On 24/03/2010 13:59, Ognjen Blagojevic wrote:
> Hi developers,
>
> I have one micro request for Tomcat manager application.
>
> Manager application can display active sessions, with the most relevant
> data for that session (session id, TTL, last accessed time, TTL and so
> on). Guessed username is one of the columns. AFAICS in the code
> (SessionUtils.java) username is guessed from the request attributes that
> are listed in the array USER_TEST_ATTRIBUTES.
>
> Can we add attribute "SPRING_SECURITY_LAST_USERNAME" to that array, so
> the users that are using Spring security for authentication may also see
> the username for the displayed session? (I already tested this, and it
> works fine.)
>
> If yes, what are next steps? Should I open JIRA and provide patch? Or
> maybe that is not necessary, since it is a smallest possible modification.
JIRA won't get you very far. Tomcat uses Bugzilla :)
I've applied the change to trunk for 7.0.x and proposed the change for
6.0.x.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org