1 Reply Latest reply on Feb 29, 2004 2:14 AM by Juha Lindfors

    request.getUserInRole returns null

    Thomas Sandor Newbie


      I'd like to have a webapplication, with simple JSPs. I'd like to use e.g. request.getUserInRole("admin") to determine what details and links I should show. E.g. like as a simple forum page:
      1) if user logged in, should see the "post message" link
      2) if user is not logged in, should see the "please log in" link.

      My problem is the if I use declarative web.xml web-resource-collection security-constraint to my forum-page.jsp everyone should log in to see this page, cannot bypass my form-login-config.

      If I put it to a "sec/*" url-pattern, only under this dir returns the getUserPrincipal() or the getUserInRole(), but upper pages from this dir cannot see my logged in context. I don't know why is that??

      So my question is how can I make a simple app which uses my form-login-config, with a container managed security, without using HttpSession attributes, for my whole app, not only to a secure dir?

      I have tried using a statelessbean with method permissions, and configured my JAAS JNDI login-config for an unauthenticatedIdentity, with which I can make a default login. How can I change it to be a specific user? Unfortunately a web-resource-collection with a /LoginRedirector doesn't worked for me, it forgets again the specified user details.

      So any help is warmly welcomed.