It seems that request.getUserPrincipal() will return a non-null value only when you request a protected resource secured by <security-constraint> in web.xml on JBoss, even if the user who sent the request has been authenticated.
A JAAS login in a filter does not affect the request getUserPrincipal value, as this is only set if the web container has authenticated the caller, and this occurs before the filter is called. The only way getUserPrincipal returns non-null is when secured content is being accessed.
A JAAS login in a filter does not affect the request getUserPrincipal value, as this is only set if the web container has authenticated the caller, and this occurs before the filter is called.
I am doing programmatic JAAS authentication, not the declarative way. The security filter gets the username and the password from the callbackhandler and passes them to the loginContext. Right after that, in the same filter, if I call request.getUserPrincipal, it returns null. However, I could get the Subject from the loginContext in the same filter.
The only way getUserPrincipal returns non-null is when secured content is being accessed.
I have secured all the pages by defining the filter mapping as /*
Thanks in advance!
I am doing programmatic authentication using filters as well. I work with JBoss 3.2.1 and I can see the same behaviour.
I tried using JBoss 3.2.4RC1 as it seemed from a couple of threads I read that the behaviour might be different when using a more up-to-date version of JBoss. I saw the same behaviour on the first go, and I didn't have too much time to waste on that, so I'm back to using 3.2.1.
I decided to use the Subject to get the roles immediately after authentication succeeds and then add those roles to the user session. It was a bit of a pain retrieving all the roles from the Subject, but I need to do it just once so that's ok.
I found the following link in one of the threads here, but I did not try it out. Just in case you're interested:
I'm a little confused. I thought JBoss 3.2.x used J2SE 1.4 and J2EE 1.3. Does it use all or some of J2EE 1.4? I checked the API docs for 1.3 and 1.4, and I only saw response.getUserPrincipal() on 1.4.
It is HttpServletRequest, not the HttpResponse, which offers this method (J2EE 1.3).
I was thinking request, but typed response. Don't know how I found it in 1.4 but not in 1.3. :)
hey jasslogin ...
Did you find the solution? In fact, I am also having the same issue while working on JBoss 3.2.6.
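An added example, not code from any poster in this thread: because the container fills in getUserPrincipal() before filters run, a filter that does its own JAAS login can only make the identity visible to later code by wrapping the request. The sketch below assumes the login code stored loginContext.getSubject() in the session under a hypothetical key, and that roles are carried in a java.security.acl.Group principal named "Roles", as JBoss's stock login modules do.

```java
import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group; // present in the J2SE versions these JBoss releases run on
import java.util.Enumeration;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.servlet.*;
import javax.servlet.http.*;

public class SubjectRequestFilter implements Filter {
    // Hypothetical session key; the login code is assumed to set it after a successful login.
    static final String SUBJECT_ATTR = "example.jaas.subject";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpSession session = http.getSession(false);
        Subject subject = session == null ? null : (Subject) session.getAttribute(SUBJECT_ATTR);
        // No Subject: pass the request through unchanged, so getUserPrincipal() stays null.
        chain.doFilter(subject == null ? req : new SubjectRequest(http, subject), res);
    }

    static class SubjectRequest extends HttpServletRequestWrapper {
        private final Subject subject;

        SubjectRequest(HttpServletRequest request, Subject subject) {
            super(request);
            this.subject = subject;
        }

        public Principal getUserPrincipal() {
            for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) {
                Principal p = (Principal) it.next();
                if (!(p instanceof Group)) return p; // assumption: first non-group principal is the user
            }
            return null;
        }

        public boolean isUserInRole(String role) {
            for (Iterator it = subject.getPrincipals(Group.class).iterator(); it.hasNext();) {
                Group g = (Group) it.next();
                if (!"Roles".equals(g.getName())) continue; // assumed role group name
                for (Enumeration e = g.members(); e.hasMoreElements();)
                    if (role.equals(((Principal) e.nextElement()).getName())) return true;
            }
            return false;
        }
    }
}
```

The wrapper changes only what servlet code behind the filter sees; it does not establish a container security context, so <security-constraint> rules and EJB method permissions are still evaluated against the container's own authentication.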