Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-5549

security principal not persisted between requests when using WebAuthentication

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Minor Minor
    • No Release
    • JBossAS-4.2.2.GA
    • Security
    • None
    • Hide

      Define a fake security-constraint in web.xml

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>dummy</web-resource-name>
      <url-pattern>/dummy/*</url-pattern>
      </web-resource-collection>
      </security-constraint>

      Then the user principal is persisted between request for other URL patterns.

      Show
      Define a fake security-constraint in web.xml <security-constraint> <web-resource-collection> <web-resource-name>dummy</web-resource-name> <url-pattern>/dummy/*</url-pattern> </web-resource-collection> </security-constraint> Then the user principal is persisted between request for other URL patterns.

      If WebAuthentication is used and no security-constraint is defined in web.xml, the principal is not retained between requests. The code snippet performing the authentication is almost the same as in the wiki:

      WebAuthentication webAuth = new WebAuthentication();
      webAuth.login(username, password);
      System.out.println(request.getUserPrincipal());

      The call to request.getUserPrincipal() gives back the correct user name.

      When I access the web application for the second time, a call to request.getUserPrincipal() returns null.

              anil.saldhana Anil Saldanha (Inactive)
              mgryszko_jira Marcin Gryszko (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: