Bug 43840

Summary: Unexpected behaviour when GenericPrincipal is serialized using the SerializablePrincipal in a cluster.
Product: Tomcat 6
Reporter: ashley <ashley>
Component: Cluster
Assignee: Tomcat Developers Mailing List <dev>
Severity: normal
Priority: P2
Version: 6.0.14
Target Milestone: default
Hardware: PC
OS: Linux

Description ashley 2007-11-11 20:12:16 UTC
The method 'getUserPrincipal()' in the GenericPrincipal class returns itself or
a provided Principal if possible. This is also the return value of the
request.getUserPrincipal() method. This works fine in a non-clustered environment.

However, the behaviour of this method changes when the GenericPrincipal is
serialized by the SerializablePrincipal class. In the initial node of a cluster
the request.getUserPrincipal() method behaves normally. However, after the
principal is serialized to another node it no longer contains the internal
Principal object, so the same method call will now return a different object.

I think a solution could be:

1) If there exists an internal userPrincipal AND it is Serializable then
serialize it along with the other properties of GenericPrincipal.

2) Recreate it at the other end if it is available in the object stream.

In this manner users with custom Principal objects that implement
java.io.Serializable will have predictable results from the
request.getUserPrincipal method across nodes in a cluster.

I'd appreciate your thoughts on this.
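
The two steps proposed in the report above, as an added example that is not part of the original report and is not Tomcat's code. The class names (PrincipalRoundTrip, CustomPrincipal, NamePrincipal) are hypothetical, and the receiving side assumes Java 9+ so it can allow-list the one class it expects before deserializing:

```java
import java.io.*;
import java.security.Principal;
public class PrincipalRoundTrip {
    // Hypothetical application principal; Serializable, so it can cross nodes.
    static class CustomPrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        CustomPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Hypothetical fallback used when no inner principal was transferred.
    static class NamePrincipal implements Principal {
        private final String name;
        NamePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Sending node: name first, then a flag saying whether a principal follows.
    static byte[] write(String name, Principal user) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeUTF(name);
            boolean hasUser = user instanceof Serializable;
            out.writeBoolean(hasUser);
            if (hasUser) out.writeObject(user);
        }
        return buf.toByteArray();
    }

    // Receiving node: recreate the inner principal only if one is in the stream.
    static Principal read(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            // Allow-list the expected class (Java 9+); everything else is rejected.
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                "PrincipalRoundTrip$CustomPrincipal;java.lang.String;!*"));
            String name = in.readUTF();
            if (!in.readBoolean()) return new NamePrincipal(name);
            Object o = in.readObject();
            if (!(o instanceof Principal)) throw new InvalidObjectException("not a Principal");
            return (Principal) o;
        }
    }
    public static void main(String[] args) throws Exception {
        Principal a = read(write("alice", new CustomPrincipal("alice")));
        Principal b = read(write("bob", new NamePrincipal("bob")));
        System.out.println(a.getClass().getSimpleName() + " / " + b.getClass().getSimpleName());
    }
}
```

The Serializable principal keeps its own type after the round trip, while the non-serializable one comes back as the name-only fallback, which is the cross-node difference the report describes.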

Comment 1 Mark Thomas 2007-12-30 14:04:12 UTC
I have committed a fix to svn and proposed the fix for inclusion in 6.0.x.

Comment 2 Mark Thomas 2008-01-10 13:10:29 UTC
This has been fixed in svn and will be included in 6.0.16 onwards.