4 Replies Latest reply on Jan 8, 2005 1:11 PM by scotttam

    Getting the logged on user info

    scotttam
    scotttam Jan 4, 2005 5:51 PM

      Hi,

      I am currently using a DatabaseServerLoginModule to authenticate into my web application. My login-config.xml has the following section:

      
 <application-policy name = "myRealm">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
 <module-option name = "dsJndiName">java:/MyDS</module-option>
 <module-option name = "principalsQuery">select distinct password from principal p where p.username = ?</module-option>
 <module-option name = "rolesQuery">select r.name, 'Roles' FROM role r, principal p, principal_role pr where p.principal_id = pr.principal_id AND r.role_id = pr.role_id AND p.username = ?</module-option>
 <module-option name = "hashAlgorithm">MD5</module-option>
 </login-module>
 </authentication>
 </application-policy>


      This works just fine.

      Now, in a struts action, I would like to get the information about the logged on user. Specifically, I would like to get the principal_id that stored in the principal table that corresponds with the logged on user. What's the easiest way to do that?

      Thanks,

      Scott


      • 4006 Views
      • Tags:
        • 1. Re: Getting the logged on user info
          starksm64
          starksm64 Jan 4, 2005 8:53 PM (in response to scotttam)

          Use the standard HttpServletRequest.getUserPrincipal call.

            • Actions
          • 2. Re: Getting the logged on user info
            scotttam
            scotttam Jan 5, 2005 8:02 AM (in response to scotttam)

            Thanks Scott.

            I tried that originally but request.getUserPrincipal() was returning null, even though my security-constraint contained the path to the jsp page. I figured out that the problem was the struts action path was not in the security-constraint. Once I added that in, request.getUserPrincipal returned what I expected.

              • Actions
            • 3. Re: Getting the logged on user info
              didi
              didi Jan 8, 2005 6:47 AM (in response to scotttam)

              I am having the same problem: request.getUserPrincipal() is null in my jsp even when I am authenticated sucessfully. I am using a simple jsp to understand the whole JAAS stuff but where do I have to change the "security-constraint" you mentioned?

                • Actions
              • 4. Re: Getting the logged on user info
                scotttam
                scotttam Jan 8, 2005 1:11 PM (in response to scotttam)

                You need to add something like this to your web.xml. Make sure the jsp page you wish to use request.getUserPrincipal() is in the url-pattern.

                 <security-constraint>
 <web-resource-collection>
 <web-resource-name>Protected Area</web-resource-name>
 <url-pattern>/jsp/secure/*</url-pattern>
 <url-pattern>/secure/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
 <role-name>admin</role-name>
 </auth-constraint>
 </security-constraint>


                  • Actions