Bug 43840 - Unexpected behaviour when GenericPrincipal is serialized using the SerializablePrincipal in a cluster.
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Cluster
Version: 6.0.14
Hardware: PC Linux
Importance: P2 normal
Target Milestone: default
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2007-11-11 20:12 UTC by ashley
Modified: 2008-01-10 13:10 UTC

Description ashley 2007-11-11 20:12:16 UTC
The method 'getUserPrincipal()' in the GenericPrincipal class returns itself or
a provided Principal if possible. This is also the return value of the
request.getUserPrincipal() method. This works fine in a non-clustered environment.

However the behaviour of this method changes when the GenericPrincipal is
serialized by the SerializablePrincipal class. In the initial node of a cluster
the request.getUserPrincipal() method behaves normally. However after the
principal is serialized to another node it no longer contains the internal
Principal object, so the same method call will now return a different object.

I think a solution could be:

1) If there exists an internal userPrincipal AND it is Serializable then
serialize it along with the other properties of GenericPrincipal.

2) Recreate it at the other end if it is available in the object stream.

In this manner users with custom Principal objects that implement
java.io.Serializable will have predictable results from the
request.getUserPrincipal method across nodes in a cluster.

I'd appreciate your thoughts on this.
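
The reported behaviour and the two-step proposal above, as an added Java example; it is not part of the original report and is not Tomcat code. `WrapperPrincipal` (a stand-in for the container's wrapper), `SsoPrincipal` and the user name are constructed for illustration, and the class allow-list on the receiving side is an addition that assumes Java 9+ (`ObjectInputFilter`), since the receiving node would otherwise deserialize whatever type arrives in the stream.

```java
import java.io.*;
import java.security.Principal;
import java.util.Set;

// Constructed model of the behaviour in this report; not Tomcat source.
public class PrincipalRoundTrip {
    // Hypothetical custom principal supplied by an application realm.
    static class SsoPrincipal implements Principal, Serializable {
        private final String name;
        SsoPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }
    // Stand-in for the container's wrapper: returns the inner principal if set, else itself.
    static class WrapperPrincipal implements Principal {
        final String name; final Principal userPrincipal;
        WrapperPrincipal(String name, Principal up) { this.name = name; this.userPrincipal = up; }
        public String getName() { return name; }
        Principal getUserPrincipal() { return userPrincipal != null ? userPrincipal : this; }
    }
    // Step 1 of the proposal: write the inner principal only when it is Serializable.
    static byte[] write(WrapperPrincipal p, boolean includeInner) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeUTF(p.name);
            boolean send = includeInner && p.userPrincipal instanceof Serializable;
            out.writeBoolean(send);
            if (send) out.writeObject(p.userPrincipal);
        }
        return buf.toByteArray();
    }
    // Step 2: recreate it on the receiving node, accepting only allow-listed classes.
    static WrapperPrincipal read(byte[] data, Set<Class<?>> allowed) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(info -> info.serialClass() == null ? ObjectInputFilter.Status.UNDECIDED
                : allowed.contains(info.serialClass()) ? ObjectInputFilter.Status.ALLOWED
                : ObjectInputFilter.Status.REJECTED);
            String name = in.readUTF();
            Principal inner = in.readBoolean() ? (Principal) in.readObject() : null;
            return new WrapperPrincipal(name, inner);
        }
    }
    public static void main(String[] args) throws Exception {
        WrapperPrincipal p = new WrapperPrincipal("alice", new SsoPrincipal("alice"));
        Set<Class<?>> allowed = Set.of(SsoPrincipal.class, String.class);
        // First line: reported behaviour (inner principal dropped, the wrapper comes back).
        // Second line: proposed behaviour (the application's own principal type survives).
        System.out.println(read(write(p, false), allowed).getUserPrincipal().getClass().getSimpleName());
        System.out.println(read(write(p, true), allowed).getUserPrincipal().getClass().getSimpleName());
    }
}
```

Application code that casts the result of `request.getUserPrincipal()` to its own type succeeds on the first node and fails after replication in the first case, which is the inconsistency described in the report.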

Comment 1 Mark Thomas 2007-12-30 14:04:12 UTC
I have committed a fix to svn and proposed the fix for inclusion in 6.0.x.

Comment 2 Mark Thomas 2008-01-10 13:10:29 UTC
This has been fixed in svn and will be included in 6.0.16 onwards.