[prev in list] [next in list] [prev in thread] [next in thread]
List: tomcat-user
Subject: Re: javax.security.auth.subject within session
From: Mark Thomas <markt () apache ! org>
Date: 2019-01-17 14:13:50
Message-ID: 47af98df-d6c5-3a46-8e8e-eb8f1787a01f () apache ! org
[Download RAW message or body]
On 17/01/2019 14:06, Tim K wrote:
> On Thu, Jan 17, 2019, 8:09 AM Mark Thomas <markt@apache.org wrote:
>
> > On 17/01/2019 12:46, Tim K wrote:
> > > When I dump the session object of an authenticated (JNDIRealm) user on my
> > > local dev environment versus my development server, for some reason
> > > the javax.security.auth.subject shows up on the dev server but not my
> > > local. I also spun up a docker container with pretty much default tomcat
> > > config and javax.security.auth.subject doesn't show up in the session
> > > object there either. My code is exactly the same in all envs, is there
> > > something within tomcat configuration which would determine if
> > > javax.security.auth.subject is added to the session object? I can't
> > figure
> > > out the difference why it's on one instance but not the other.
> >
> > At a guess, the development server is running under a SecurityManager
> > whereas the other environments are not.
> >
> > Mark
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> Thank you! You are correct; I had disabled security locally because the
> eclipse paths were much different than the servers so I just disabled it to
> get it running locally. I presume this value in the session for the
> javax.security.auth.subject is consistent as long as security is enabled?
Yes, see:
https://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?view=annotate#l1941
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic