This content has been marked as final.
Show 2 replies
-
1. Re: When does Security Context get Set
stueccles Sep 3, 2004 4:36 AM (in response to grinch)I would think its because your app.jsp is not a secured page with security-constraint in the web.xml.
If the page is not covered with a security-constraint then no active subject is created and then security associations are not set on the thread.
The thing about J2EE security is your user is actively authenticated on every request to a secure page using the credentials cached from the logon method (and cached subjects in the security manager too)
If the page is not security constrainted, it doesnt bother authenticating (and hence request.getUserPrincipal() is null...
Your default page on the other hand probably is secured.
hope this all helps
Stuart Eccles -
2. Re: When does Security Context get Set
grinch Sep 3, 2004 5:33 PM (in response to grinch)Stuart,
That was exactly it, thank you very much!!
-SJ