Subject: Re: Action classes/Form based authentication/ EJBs From: Torgeir Veimo <[EMAIL PROTECTED]> === Roland Chan wrote: > Hi There, > > Using BASIC authentication my action classes work like a charm. However, > when I switched to form based authentication calls to secured EJBs > present an "authentication exception, principal=null error". > > This is strange only because I know the principal exists and was > authenticated. What is stranger is my workaround: I can get the > authentication to work for my EJBs just by calling logging the > request.getRemoteUser() from within my action. Why should I need to do > this? I thought this sort of thing is handled by the container.
This is probably a problem of lost session, either by the browser not sending the session cookie back or while using url rewriting and not properly wrapping an url sent back to the browser. Remember that when using basic authentication, the auth header is sent by the browser at every request, so it never looses the session. Using form based authentication requires the session to be intact, since you only authenticate once. -- -Torgeir -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
