DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=12428>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=12428 ------- Additional Comments From [EMAIL PROTECTED] 2007-09-20 02:47 ------- Created an attachment (id=20857) --> (http://issues.apache.org/bugzilla/attachment.cgi?id=20857&action=view) Make authentication independent of security constraints The specification of the getUserPrincipal doesn't say the availability of principal information depends on the existance of security constraints in the deployment descriptor. The patch causes the login configuration to be installed unconditionally and checks if authentication is provided in the request regardless of the existance of security constraints. Credentials may have been provided spontaneously or after a 401 response comming from the servlet. Note that this is also the way WebLogic behaves. This patch is for Tomcat 5.5.23 and not Tomcat 4 for which the bug was created. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
