We have following jsp as the first page of an application. Application is accesible only to the authorized users. What is happening is in the FrameSET JSP all the request.getRemoteUser() and request.isUserInRole("readonlyuser") are valid and correct. But the jsp's inside the frame, in this example, Top.jsp, Test.jsp is having the request.getRemoteUser() as null. This behavior happens only in the first time I access the application. If I refresh the main Frameset.jsp, each Frame's jsp has the correct value for request.getRemoteUser() <HTML> <HEAD> <TITLE>Test</TITLE> </HEAD> <FRAMESET ROWS="73,100%" framespacing="0" border="0" frameborder="0"> <FRAME name="topframe" src="Top.jsp" marginwidth="0" marginheight="0" SCROLLING="NO" NORESIZE/> <FRAMESET cols="0,173,*" framespacing="0" border="0" frameborder="0"> <FRAME name="code" src="Test.jsp marginwidth="0" marginheight="0"/> <FRAME name="contents" src="" marginwidth="0" marginheight="0"/> <FRAME name="main" src="blank.html" marginwidth="0" marginheight="0"/> </FRAMESET> </FRAMESET> </HTML>
I think I'm having a similar case using Tomcat 5.5.15, JK-connector 1.2.15 and IIS 5.0 (Win 2000 Server). My site is setup with a login handled by IIS. This is my very simple index.jsp: servletPath=<%= request.getServletPath() %><br> remoteUser=<%= request.getRemoteUser() %><br> When I access it through: http://localhost/index.jsp remoteUser is empty (not null!) When I access it through: http://localhost/ remoteUser is filled correctly The same case works fine using Tomcat 4.0.6, so in both cases the remoteUser is filled
This works for me using the latest 5.5.x from SVN. I suggest you test with the latest 5.5.x release and if you still have problems please follow up on the users mailing list. You should include the security-constraint section of your web.xml in your post.
Created attachment 18981 [details] web.xml
The attached web.xml contains no references to Top.jsp, Test.jsp or blank.html To repeat: I have tested this and it works. There is no Tomcat bug I can find here. You have a configuration problem. Bugzilla is not a support forum. Please do not re-open this issue. Please use the Tomcat users mailing list. You should provide your original test case and the security constraints section of the web.xml that applies to it.
are you using tomcat or apache (.htaccess) authentication?