Determining remote user and inrole for unprotected pages

jgkenned Oct 13, 2003 11:33 AM

I have recently noticed that when you have a site with both protected and
unprotected pages that getRemoteUser returns null on the unprotected pages
eventhough I have authenticated against a protected page. isUserInRole also
does not work.

Is there a way I can determine who is logged in when I access an unprotected
url?

To answer my own Q, I supose I could create an object and store it in the
session then access later, but is there another way?

Ultimately I would like to present a dynamic menu in which administrators
see a different menu than regular joe users. The menu is part of every page
in this case. I would simple like to hide "admin only" sections so regular
users don't see them.

Using JBOSS 3.2.1 with Tomcat 4.1.24. Tomcat is serving HTTP.

1. Re: Determining remote user and inrole for unprotected pages

dmessina Nov 18, 2003 5:29 PM (in response to jgkenned)

I am having the exact same problem. Does anyone have a solution for this?
Actions
2. Re: Determining remote user and inrole for unprotected pages

rickkw Nov 18, 2003 6:05 PM (in response to jgkenned)

Assuming a protected page is accessed before an unprotected page, can you get the remote user from within a protected page and stick that into a session?
Actions

Go to original post