You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2004/06/12 08:41:46 UTC
DO NOT REPLY [Bug 29537] New: -
User's identity and roles only for protected url
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=29537>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=29537
User's identity and roles only for protected url
Summary: User's identity and roles only for protected url
Product: Tomcat 5
Version: 5.0.25
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: ephemeris.lappis@tiscali.fr
It seems Tomcat only sets the request user's identity (getUserPrincipal) and
authorizations (isUserInRole) when the requested URL has been protected by
security constraints. For example, if in my webapp i have two parts with path
beginning with 'public' or 'protected', and i set a constraint on the second
one, any request for the 'protected/...' URLs gives the correct user and roles,
while all the 'public/...' always return a null user and false for role
checkings.
The same war deployed on Tomcat 4 and Weblogic 8 has the correct behaviour.
Is this a change from the new servlet specification, or a bug ?
Thanks for help.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org