1 Reply Latest reply on Apr 26, 2002 5:44 AM by Jim

    How to identify unauthenticatedIdentity.

    Jim Newbie

      I am using j2ee declarative security with form-based authentication(jboss+tomcat+struts+tiles).

      Is it possible to identify the user as being nobody or as belonging to a role allocated to nobody(such as 'anonymous') inside a servlet?

      My servlet which receives the unauthenticated users request does the following:
      cat.info: request.isUserInRole("nobody");
      cat.info: request.isUserInRole("anonymous");
      cat.info("remote user is " + request.getRemoteUser() + "!");
      cat.info("user Principal = " +request.getUserPrincipal() + "!");

      and gives the following output ...
      [Default] User 'nobody' authenticated.
      [DispatchForward] nobody = false!
      [DispatchForward] anonymous = false!
      [DispatchForward] remote user is null!
      [DispatchForward] user Principal = null!

      my loginmodule definition:
      org.jboss.security.auth.spi.DatabaseServerLoginModule required
      dsJndiName="java:/PostgresDS2"
      principalsQuery="select password from principals where principalid=?"
      rolesQuery="select role, rolegroup from roles where principalid=?"
      unauthenticatedIdentity=nobody;

      Any help much is much appreciated.

      Joe

        • 1. Re: How to identify unauthenticatedIdentity. more info
          Jim Newbie

          Hi again,

          Here is a bit more info:

          tomcat3.2.3+jboss2.4.x

          I have entered a role called 'anonymous' which is mapped to a 'nobody' principal in the roles table. (I'm using DatabaseServerLogin module)

          Do I need to have an entry in the principals table for 'nobody' too?

          What should the client be required to do in order for a servlet to get back true from a isUserInRole('anonymous') when interogating the unauthenticated caller?

          Bear in mind I already have form-based auth working for other users in the tables. Its just 'nobody' that I'd like to be able to be recognizeable in a servlet so that default app functionality can be applied based on role. Having the 'isCallerInRole()' method return 'null' is not sufficient as I need the anonymous user to belong to a user group which has its place in the user tree.

          Any comments or suggestions are gratefully accepted.:-)

          Joe