2 Replies Latest reply on Mar 4, 2002 9:38 AM by dward2

    getting null remote user from HttpServletRequest after JAAS

    alphafoo

      At long last, I have FORM-based authentication working for my web app. Now I am trying to figure out at the servlet level who the authenticated user/principal is.

      If my restricted content lives in /restricted in my web app, then when I access content inside /restricted, the HttpServletRequest contains both the remote user and Principal that is logged in. That is working fine.

      But if I browse up a level to the unrestricted root content, the remote user and Principal are shown as null. If I go back down to /restricted, the values are populated again.

      Can someone recommend a good way of keeping track of the logged-in user so at the unrestricted content level, I can access the logged-in username?

      The only way I can think of is to have a separate servlet for the restricted content, and have that servlet set a username field in the HttpSession if it is not already set.
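
The session-based approach described in the post above, sketched as a servlet filter (an added example, not code from the original thread). The class name `RememberUserFilter`, the attribute name `app.authenticatedUser`, and a `web.xml` filter mapping to `/restricted/*` are assumptions made for illustration.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Assumed to be mapped to /restricted/* in web.xml, so it only runs on
// requests the container has already authenticated.
public class RememberUserFilter implements Filter {
    // Hypothetical session attribute name chosen for this example.
    public static final String ATTR = "app.authenticatedUser";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            Principal p = http.getUserPrincipal();
            if (p != null) {
                HttpSession s = http.getSession();
                // Overwrite on mismatch so a re-login as another user in
                // the same session never leaves a stale name behind.
                if (!p.getName().equals(s.getAttribute(ATTR))) {
                    s.setAttribute(ATTR, p.getName());
                }
            }
        }
        chain.doFilter(req, res);
    }

    // For unrestricted pages: prefer the container's answer and fall back
    // to the name recorded in the session. Use the result for display
    // only; access decisions stay with the container's security constraints.
    public static String currentUser(HttpServletRequest req) {
        String user = req.getRemoteUser();
        if (user != null) return user;
        HttpSession s = req.getSession(false);
        return s == null ? null : (String) s.getAttribute(ATTR);
    }
}
```

The recorded name lives only as long as the session, so logout code that invalidates the session also clears it.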