Bug 35943 - request.getRemoteUser() is not getting populated on first time frame requests
Summary: request.getRemoteUser() is not getting populated on first time frame requests
Status: RESOLVED INVALID
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Servlet & JSP API (show other bugs)
Version: 5.5.16
Hardware: PC Windows 2000
: P2 major (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords: APIBug
Depends on:
Blocks:
 
Reported: 2005-07-30 21:11 UTC by Shibu U P
Modified: 2006-10-09 04:41 UTC (History)
2 users (show)


Attachments
web.xml (118.08 KB, text/plain)
2006-10-08 14:12 UTC, Shibu U P 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Shibu U P 2005-07-30 21:11:36 UTC 
We have following jsp as the first page of an application. Application is 
accesible only to the authorized users. What is happening is in the FrameSET 
JSP all the request.getRemoteUser() and request.isUserInRole("readonlyuser") 
are valid and correct.  
    But the jsp's inside the frame, in this example, Top.jsp, Test.jsp is 
having the request.getRemoteUser() as null. This behavior happens only in the 
first time I access the application. If I refresh the main Frameset.jsp, each 
Frame's jsp has the correct value for request.getRemoteUser()

<HTML>
<HEAD>
<TITLE>Test</TITLE>
</HEAD>
		<FRAMESET ROWS="73,100%" framespacing="0" border="0" 
frameborder="0">
			<FRAME name="topframe" src="Top.jsp" marginwidth="0" 
marginheight="0" SCROLLING="NO"  NORESIZE/>
			<FRAMESET cols="0,173,*" framespacing="0" border="0" 
frameborder="0">
				<FRAME name="code" src="Test.jsp 
marginwidth="0" marginheight="0"/>
				<FRAME name="contents" src="" marginwidth="0" 
marginheight="0"/>
				<FRAME name="main" src="blank.html" 
marginwidth="0" marginheight="0"/>
			</FRAMESET>
		</FRAMESET>
</HTML>
Comment 1 Paul Hamer 2006-02-02 02:55:40 UTC 
I think I'm having a similar case using Tomcat 5.5.15, JK-connector 1.2.15 and 
IIS 5.0 (Win 2000 Server). My site is setup with a login handled by IIS.

This is my very simple index.jsp:

servletPath=<%= request.getServletPath() %><br>
remoteUser=<%= request.getRemoteUser() %><br>

When I access it through: http://localhost/index.jsp
remoteUser is empty (not null!)

When I access it through: http://localhost/
remoteUser is filled correctly

The same case works fine using Tomcat 4.0.6, so in both cases the remoteUser 
is filled
Comment 2 Mark Thomas 2006-10-02 18:26:57 UTC 
This works for me using the latest 5.5.x from SVN.

I suggest you test with the latest 5.5.x release and if you still have problems
please follow up on the users mailing list. You should include the
security-constraint section of your web.xml in your post.
Comment 3 Shibu U P 2006-10-08 14:12:39 UTC 
Created attachment 18981 [details]
web.xml
Comment 4 Mark Thomas 2006-10-09 01:16:23 UTC 
The attached web.xml contains no references to Top.jsp, Test.jsp or blank.html

To repeat: I have tested this and it works. There is no Tomcat bug I can find here.

You have a configuration problem. Bugzilla is not a support forum. Please do not
re-open this issue. Please use the Tomcat users mailing list. You should provide
your original test case and the security constraints section of the web.xml that
applies to it.
Comment 5 sk 2006-10-09 04:40:10 UTC 
are you using tomcat or apache (.htaccess) authentication?