Use the standard HttpServletRequest.getUserPrincipal call.
I tried that originally but request.getUserPrincipal() was returning null, even though my security-constraint contained the path to the jsp page. I figured out that the problem was the struts action path was not in the security-constraint. Once I added that in, request.getUserPrincipal returned what I expected.
I am having the same problem: request.getUserPrincipal() is null in my jsp even when I am authenticated sucessfully. I am using a simple jsp to understand the whole JAAS stuff but where do I have to change the "security-constraint" you mentioned?
You need to add something like this to your web.xml. Make sure the jsp page you wish to use request.getUserPrincipal() is in the url-pattern.
<security-constraint> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <url-pattern>/jsp/secure/*</url-pattern> <url-pattern>/secure/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint>