2 Replies Latest reply on Mar 4, 2002 9:38 AM by David Ward

    getting null remote user from HttpServletRequest after JAAS

    alphafoo Newbie

      At long last, I have FORM based authentication working for my web app. Now I am trying to figure out at the servlet level who the authenticated user/principal is.

      If my restricted content lives in /restricted in my web app, then when I access content inside /restricted, the HttpServletRequest contains both the remote user and Principal that is logged in. That is working fine.

      But if I browse up a level to the unrestricted root content, the remote user and Principal are shown as null. If I go back down to /restricted, the values are populated again.

      Can someone recommend a good way of keeping track of the logged in user so at the unrestricted content level, I can access the logged in username?

      The only way I can think of is to have a separate servlet for the restricted content, and have that servlet set a username field in the HttpSession if it is not already set.