3 Replies Latest reply on Sep 9, 2002 5:57 AM by dviersel

    Strange behaviour of request.getUserInRole, bug?

    dviersel

      Hi,

      I have set up JBoss-3.0.1/Tomcat-4.0.4 with the DatabaseServerLoginModule and it seems to work all right, but I still have some issues.

      My testing web-application contains the following files:
      - /index.jsp
      - /welcome.jsp
      - /auth/login.jsp
      - /auth/error.jsp
      - /auth/logout.jsp
      It is set up so that /welcome.jsp is protected from all access. When I try to access /welcome.jsp, the server correctly dispatches to /auth/login.jsp and lets me log in. Welcome.jsp then tells me that I have successfully logged in and which name I have used using request.getUserInRole(). However, when I go back to index.jsp, the same method returns null, i.e. the container does not return a Principal object when calling request.getUserInRole.

      How can this be?!?!? Is this a bug or a feature?

      Thanks,
      Dylan

      P.S.
      I have attached a zip-file including the sources and the

        • 1. Re: Strange behaviour of request.getUserInRole, bug?
          david007

          Actually didn't you mean to say that welcome.jsp told you who you logged in as using request.getUserPrincipal()?

          Did this work the first time around? Because I am having the same issue except I invoked a servlet after successfully logging in. And when I tried to get a Principal object via request.getUserPrincipal() it came back null.

          • 2. Re: Strange behaviour of request.getUserInRole, bug?
            david007

            Dylan

            I think I have it now and answered my own question too.

            Your index.jsp is not set up as a secured page in your web.xml just as my servlet wasn't. So you don't get a Principal object.

            David
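The setup discussed in the reply above, as an added example that is not part of the original thread or the attached sources: a Servlet 2.3 `web.xml` fragment in which only /welcome.jsp falls under a security constraint, with the change David's explanation implies shown as a comment. The page paths come from the first post; the role name `user`, the resource and realm names are assumptions.

```xml
<!-- Fragment of WEB-INF/web.xml (Servlet 2.3, as used by Tomcat 4.0.x). -->
<!-- Element order follows the 2.3 DTD: security-constraint, login-config, security-role. -->

<security-constraint>
  <web-resource-collection>
    <!-- Assumed name; any label is accepted here. -->
    <web-resource-name>Protected pages</web-resource-name>

    <!-- The only page the container treats as secured in the setup described. -->
    <url-pattern>/welcome.jsp</url-pattern>

    <!-- Per David's reply, index.jsp is outside the constraint, so a request
         for it is handled as an unsecured request. Adding the pattern below
         would place it under the same constraint as welcome.jsp:
    <url-pattern>/index.jsp</url-pattern>
    -->
  </web-resource-collection>

  <auth-constraint>
    <!-- Assumed role; it must match a role returned by the login module. -->
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <!-- Assumed realm name. -->
  <realm-name>Test application</realm-name>
  <form-login-config>
    <!-- Login and error pages stay outside any url-pattern above,
         otherwise the login form itself could not be served. -->
    <form-login-page>/auth/login.jsp</form-login-page>
    <form-error-page>/auth/error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>user</role-name>
</security-role>
```

Placing /index.jsp under the constraint also means unauthenticated visitors are sent to the login form before they can see it, so pages that must stay public should be written to handle a null return from request.getUserPrincipal().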

            • 3. Re: Strange behaviour of request.getUserInRole, bug?
              dviersel

              Strange. I doubt that it is the behaviour specified. From the spec:

              getUserPrincipal
              Returns a java.security.Principal object containing the name of the current authenticated user. If the user has not been authenticated, the method returns null.


              This spec is obviously ambiguous, but I would expect people to interpret it so that once a user has been authenticated, getUserPrincipal() always returns the associated Principal object whether the request is for a protected or unprotected resource.

              Dylan