Posted to users@tomcat.apache.org by Tomcat User <to...@secristfamily.com> on 2003/06/26 20:06:17 UTC

GenericPrincipal & Realms

Is there a reason why org.apache.catalina.realm.GenericPrincipal is always used to mask the true principal behind the authentication process within each realm?

Why does Tomcat limit the ability to provide a more complex Principal when HttpServletRequest.getUserPrincipal() is called?

If anyone knows of any security risks by providing this more complex type (other than what the designer of the type introduces by faulty programming), I would like to hear them as well....

Randy Secrist

Re: GenericPrincipal & Realms

Posted by Bill Barker <wb...@wilshire.com>.
I've got an (internal) site happily running with a custom Realm that sets
the Principal to one that doesn't extend GenericPrincipal.

The only place that I can see Tomcat depends on GenericPrincipal is
RealmBase.getRoles, and you would have to override that one anyway if you
wanted to have your own Principal.

"Tomcat User" <to...@secristfamily.com> wrote in message
news:000a01c33c0d$b62ed5f0$d806ff0c@secristfamily.com...
Is there a reason why org.apache.catalina.realm.GenericPrincipal is always
used to mask the true principal behind the authentication process within each
realm?

Why does Tomcat limit the ability to provide a more complex Principal when
HttpServletRequest.getUserPrincipal() is called?

If anyone knows of any security risks by providing this more complex type
(other than what the designer of the type introduces by faulty programming),
I would like to hear them as well....

Randy Secrist




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Tomcat and SSL

Posted by Daniel Zhang <zh...@clinicaltools.com>.
I have a Tomcat (4.1.12) running on RedHat Linux with SSL that works fine on 
my intranet test servers.  However, when I configure it
on public servers (public IPs), HTTP works but HTTPS does not work. 
When I type an HTTPS URL in the IE browser,
the browser simply returns a "The page cannot displayed" message and 
there are NO error records in Tomcat's log files.

Has anyone had an experience like this? I would appreciate any help.

-Daniel


