Bug 35943

Summary: request.getRemoteUser() is not getting populated on first time frame requests
Product: Tomcat 5 Reporter: Shibu U P <shibuup>
Component: Servlet & JSP APIAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED INVALID    
Severity: major CC: paul, sk
Priority: P2 Keywords: APIBug
Version: 5.5.16   
Target Milestone: ---   
Hardware: PC   
OS: Windows 2000   
Attachments: web.xml

Description Shibu U P 2005-07-30 21:11:36 UTC
We have following jsp as the first page of an application. Application is 
accesible only to the authorized users. What is happening is in the FrameSET 
JSP all the request.getRemoteUser() and request.isUserInRole("readonlyuser") 
are valid and correct.  
    But the jsp's inside the frame, in this example, Top.jsp, Test.jsp is 
having the request.getRemoteUser() as null. This behavior happens only in the 
first time I access the application. If I refresh the main Frameset.jsp, each 
Frame's jsp has the correct value for request.getRemoteUser()

<HTML>
<HEAD>
<TITLE>Test</TITLE>
</HEAD>
		<FRAMESET ROWS="73,100%" framespacing="0" border="0" 
frameborder="0">
			<FRAME name="topframe" src="Top.jsp" marginwidth="0" 
marginheight="0" SCROLLING="NO"  NORESIZE/>
			<FRAMESET cols="0,173,*" framespacing="0" border="0" 
frameborder="0">
				<FRAME name="code" src="Test.jsp 
marginwidth="0" marginheight="0"/>
				<FRAME name="contents" src="" marginwidth="0" 
marginheight="0"/>
				<FRAME name="main" src="blank.html" 
marginwidth="0" marginheight="0"/>
			</FRAMESET>
		</FRAMESET>
</HTML>
Comment 1 Paul Hamer 2006-02-02 02:55:40 UTC
I think I'm having a similar case using Tomcat 5.5.15, JK-connector 1.2.15 and 
IIS 5.0 (Win 2000 Server). My site is setup with a login handled by IIS.

This is my very simple index.jsp:

servletPath=<%= request.getServletPath() %><br>
remoteUser=<%= request.getRemoteUser() %><br>

When I access it through: http://localhost/index.jsp
remoteUser is empty (not null!)

When I access it through: http://localhost/
remoteUser is filled correctly

The same case works fine using Tomcat 4.0.6, so in both cases the remoteUser 
is filled
Comment 2 Mark Thomas 2006-10-02 18:26:57 UTC
This works for me using the latest 5.5.x from SVN.

I suggest you test with the latest 5.5.x release and if you still have problems
please follow up on the users mailing list. You should include the
security-constraint section of your web.xml in your post.
Comment 3 Shibu U P 2006-10-08 14:12:39 UTC
Created attachment 18981 [details]
web.xml
Comment 4 Mark Thomas 2006-10-09 01:16:23 UTC
The attached web.xml contains no references to Top.jsp, Test.jsp or blank.html

To repeat: I have tested this and it works. There is no Tomcat bug I can find here.

You have a configuration problem. Bugzilla is not a support forum. Please do not
re-open this issue. Please use the Tomcat users mailing list. You should provide
your original test case and the security constraints section of the web.xml that
applies to it.
Comment 5 sk 2006-10-09 04:40:10 UTC
are you using tomcat or apache (.htaccess) authentication?