I know this topic came up many times in the past and I swear I read several dozens of topics. But still I could not solve my problem. Please help!
======
my aim:
======
Accessing the user's login name in the servlet that is secured by FORM based authentication.
============
proposals found:
============
1.)
implementing a filter (related to the j_security_check servlet) to grab the j_username of the login page and to store it within the session
2.)
writing my own login module
3.)
using valves (-> but I have to use JBoss AS 3.2.7, and the page http://wiki.jboss.org/wiki/Wiki.jsp?page=CustomizingSecurityUsingValves says that this applies to 4.0.3+ only)
4.)
calling HttpServletRequest.getUserPrincipal() in the secured servlet
==========
current choice:
==========
I would really like to access the username as described in 4.
But getUserPrincipal() returns null right after the redirect from j_security_check (I).
BUT when I go back to the index.html and press the button to forward to the secured servlet again the method returns the correct username (II).
I:
index.html -> FORM based login -> secured servlet
=> getUserPrincipal() == null
II:
index.html -> secured servlet (authentication + authorization already done in step I)
=> getUserPrincipal() != null
Any advice is welcome! Thanks,
Matthias