DO NOT REPLY [Bug 12428] - request.getUserPrincipal(): Misinterpretation of specification?

[bu...@apache.org]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=12428>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=12428





------- Additional Comments From werner.donne@re.be  2007-09-20 02:47 -------
Created an attachment (id=20857)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=20857&action=view)
Make authentication independent of security constraints

The specification of the getUserPrincipal doesn't say the availability of
principal information depends on the existance of security constraints in the
deployment descriptor.

The patch causes the login configuration to be installed unconditionally and
checks if authentication is provided in the request regardless of the existance
of security constraints. Credentials may have been provided spontaneously or
after a 401 response comming from the servlet.

Note that this is also the way WebLogic behaves.

This patch is for Tomcat 5.5.23 and not Tomcat 4 for which the bug was created.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org