You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by jfc100 <jf...@btopenworld.com> on 2002/05/10 21:09:14 UTC
either Tomcat or JBoss is my stumbling block
Hi,
I am currently trying to design a webapp using opensource containers
which implement the latest specs. This means tomcat403(for servlets2.3
and jsp1.2) and jboss300(for ejb2.0).
During an upgrade to both of the containers implementing these specs, I
experience an anomally which has to do with the servlet container not
remembering an authenticated user unless he has requested a secured web
resource (i.e. the request method getUserPrincipal() returns null when
he has requested an unsecured web resource). I am using form-based
authentication aka j_security_check.
At the moment the highest I can go before I lose either spec is the
following:
jb241a+tc323 = ok!
jb243+tc40 = ok!
jb244+tc323 = ok!
jb244+tc40 = bad! (using the same tc40 as above!);
jb245+tc40 = bad! (using the same tc40 as above!);
jb243+tc401 = starts up ok but I didn't get far enough to test
(get http status 403 - access to requested resource denied when
accessing a secured resource);
jb243+tc403 = (same as above)
jb244+tc331 = (didn't get far enough to test)
jb244+tc324 = (couldn't test due to classpath problem I have yet
to resolve - only in this bundle, tho');
I've spent ages on this trial and error approach but I'm still really
stuck with this - I want to proceed using servlets2.3 and jsp1.2 but
not at the expense of ejb2.0 and vice versa.
*Please* could someone let me know whether this is a tomcat problem (I
will ask again on the jboss forum). I heard on the struts mailing list
that this problem is occurring on someone's websphere containers too so
that could be a real spanner.
Also I noticed that the form-based auth valve is only being called for
secured resources - is this intended?
Thanks
Joe
(should this go to tomcat-dev, perhaps?)
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>