-
1. Re: Strange behaviour of request.getUserInRole, bug?
david007 Sep 8, 2002 11:52 PM (in response to dviersel)Actually didn't you mean to say that welcome.jsp told you who you logged in as using request.getUserPrincipal()?
Did this work the first time around? Because I am having the same issue except I invoked a servlet after successfully logging in. And when I tried to get a Principal object via request.getUserPrincipal() it came back null. -
2. Re: Strange behaviour of request.getUserInRole, bug?
david007 Sep 9, 2002 12:05 AM (in response to dviersel)Dylan
I think I have it now and answered my own question too.
Your index.jsp is not set up as a secured page in your web.xml just as my servlet wasn't. So you don't get a Principal object.
David -
3. Re: Strange behaviour of request.getUserInRole, bug?
dviersel Sep 9, 2002 5:57 AM (in response to dviersel)Strange. I doubt that it is the behaviour specified. From the spec:
getUserPrincipal
Returns a java.security.Principal object containing the name of the current authenticated user. If the user has not been authenticated, the method returns null.
This spec is obviously ambiguous, but I would expect people to interpret it so that once a user has been authenticated, getUserPrincipal() always returns the associated Principal object whether the request is for a protected or unprotected resource.
Dylan