0 Replies Latest reply on Aug 30, 2006 11:04 AM by Kevin Johnson

    getRemoteUser null after basic authentication

    Kevin Johnson Newbie

      We have successfully applied a security-constraint with basic authentication to "/*" which generates the expected login popup. After entering valid information, the user is theoretically authenticated, but the request.getRemoteUser() continues returning null.

      When the security constraint is applied to a specific Login.jsp page that prints getRemoteUser(), the popup appears, and the page successfully prints it. Any subsequent pages again shows getRemoteUser() as null.

      How can the authenticated user be applied to all pages?

      Server Configuration:
      O/S: Windows XP Pro SP2
      App Server: JBoss 4.0.3SP1
      Portal: JBoss Portal 2.2.1-GA

      Application Configuration:
      [web.xml]
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>

      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>PortalUser</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>MyAuthentication</realm-name>
      </login-config>

      <security-role>
      The role required to access restricted content
      <role-name>PortalUser</role-name>
      </security-role>


      [login-config.xml]
      <application-policy name="MyAuthentication">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
      <module-option name="usersProperties">props/my-users.properties</module-option>
      <module-option name="rolesProperties">props/my-roles.properties</module-option>
      </login-module>

      </application-policy>


      [jboss-web.xml]
      <jboss-web>
      <security-domain>java:jaas/MyAuthentication</security-domain>
      </jboss-web>