Actually it is broken Mark since the principal can be created later (you login in a servlet for instance).
That's why in tomee we wrap the realm to ensure we get the information whatever happen. Romain Manni-Bucau Twitter: @rmannibucau Blog: http://rmannibucau.wordpress.com/ LinkedIn: http://fr.linkedin.com/in/rmannibucau Github: https://github.com/rmannibucau 2014-08-05 19:40 GMT+02:00 Mark Struberg <strub...@yahoo.de>: > has nothing to do with recycle. Seems that the authentication in > BasicAuthenticator only gets triggered in StandardHostValve#171 by calling > context.getPipeline().getFirst().invoke(request, response); > > While the request listener already get triggered in StandardHostValve#167 by > calling context.fireRequestInitEvent(request) > > I've now moved the OWB security stuff from a Listener to a Filter with > ordering before=others > > Works for me, but still wonder what the spec wording defines. > > LieGrue, > strub > > > > On Monday, 4 August 2014, 22:56, Romain Manni-Bucau <rmannibu...@gmail.com> > wrote: > > >> >> >>Hmm >> >>did you debug in org.apache.catalina.connector.Request#recycle? >> >> >>Romain Manni-Bucau >>Twitter: @rmannibucau >>Blog: http://rmannibucau.wordpress.com/ >>LinkedIn: http://fr.linkedin.com/in/rmannibucau >>Github: https://github.com/rmannibucau >> >> >>2014-08-04 22:37 GMT+02:00 Mark Struberg <strub...@yahoo.de>: >>> yea exactly. But the user IS authenticated! >>> And later in the Filter getUserPrincipal() returns the correct Principal. >>> But in the ServletRequestListener (invoked in the same request of course) >>> it is null. >>> Either it should always be null, or never! >>> >>> LieGrue, >>> strub >>> >>> >>> On Monday, 4 August 2014, 22:12, Jean-Louis MONTEIRO <jeano...@gmail.com> >>> wrote: >>> >>> >>>> >>>> >>>>oups thanks Romain >>>> >>>> >>>>2014-08-04 22:09 GMT+02:00 Romain Manni-Bucau <rmannibu...@gmail.com>: >>>> >>>>> "Returns a java.security.Principal object containing the name of the >>>>> current authenticated user. If the user has not been authenticated, >>>>> the method returns null." >>>>> >>>>> >>>>> Romain Manni-Bucau >>>>> Twitter: @rmannibucau >>>>> Blog: http://rmannibucau.wordpress.com/ >>>>> LinkedIn: http://fr.linkedin.com/in/rmannibucau >>>>> Github: https://github.com/rmannibucau >>>>> >>>>> >>>>> 2014-08-04 22:04 GMT+02:00 Jean-Louis MONTEIRO <jeano...@gmail.com>: >>>>> > It should return at least always a non null principal AFAIR, isn't it? >>>>> > >>>>> > >>>>> > 2014-08-04 19:33 GMT+02:00 Mark Struberg <strub...@yahoo.de>: >>>>> > >>>>> >> Hi! >>>>> >> >>>>> >> I've recently found out that getUserPrincipal() returns null in a >>>>> Listener >>>>> >> [1]. >>>>> >> I remember that this used to return the correct Principal in older >>>>> >> versions (might be some time already). >>>>> >> Also from reading the spec I assumed it should work. >>>>> >> >>>>> >> Any infos on this? >>>>> >> >>>>> >> LieGrue, >>>>> >> strub >>>>> >> >>>>> >> >>>>> >> [1] >>>>> >> >>>>> http://svn.apache.org/repos/asf/openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityListener.java >>>>> >> >>>>> > >>>>> > >>>>> > >>>>> > -- >>>>> > Jean-Louis >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >>>>> For additional commands, e-mail: dev-h...@tomcat.apache.org >> >>>> >>>>> >>>>> >>>> >>>> >>>>-- >>>>Jean-Louis >>>> >>>> >>>> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >>For additional commands, e-mail: dev-h...@tomcat.apache.org >> >> >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
