5 Replies Latest reply on Jun 20, 2003 11:34 AM by johndoekyrgyz

    principal null

    caugustin

      Hi!

      I use jboss-3.0.4_tomcat-4.1.12 with ldap authentication. It works fine, without causing problems. But if I put Apache in front of it, it also works fine, but it loses the principal. I've tested it, but I can't find any schema. It would not happen when I do the same actions twice, where the first test causes this problem and the second one would run fine. There's also no timeout, because this problem happens with different intervalls.

      I've looked for solving this problem some days, but now I've read the same pages many times without success. My main problem is, that I can not find a connection between the Apache and the Jboss-Security. Or is there a special configuration for this?

      Did somebody of you have the same, or nearly the same, problem? Please help.

      Thx Caroline

        • 1. Re: principal null
          bkbonner

          I'm seeing the principal as null on unsecured pages after I'm authenticated (using the usersrolesloginmodule).

          I think this is a bug in Tomcat 4.1.24 (and possibly 4.1.12). It works in 4.0.6, but when you use tomcat 4.1.24 standalone I get a null behavior. I'm not sure what happens wrt apache.

          • 2. Re: principal null

            No, it's not a bug, it is in the spec. Search the forums for more info, this is question that is often raised.

            Cheers
            Peter

            • 3. Re: principal null
              johndoekyrgyz

              Hello everyone,

              I am experiencing a similar problem. I login successfully and recieve an error message about a null principal. This message originates from the EJBs that my servlet tries to access. Pressing refresh in my browser a few times brings me to the right page and everything works fine. Why is the SecurityContext of my servlet not being propagated to the EJB layer right away? I am using JBoss 3.2.1 with integrated Tomcat.

              Any suggestions or links to other resources would be appreciated.

              John

              • 4. Re: principal null

                form based login?

                • 5. Re: principal null
                  johndoekyrgyz

                  The problem wasn't really a problem at all.

                  This is what was happening. In the constructor of my Struts action, which was triggerd on demenad when a user requested the url mapped to that action, I created a login context that was linked to the client-login realm defined in my login-config.xml file. There was another logincontext in play when this was happening. This was the logincontext created by the servlet container when the user loged in, using form authentication. In my jbossweb.xml file I had the servlet container logging into the CitiHopeSecurityDomain. The two logincontexts created unpredictable results. By removing the login in the struts action and reshuffling the security settings in the ejb-jar.xml file I was able to get it to work.