Hello all,

I am having some problems which I am desperately trying to solve. I am using JBoss 2.4.4 with Tomcat 4, but I also heard that people using Jetty had the same problem. I have also posted the question on the Tomcat list but have had no response yet.
I am using the Apache Struts framework in combination with the "Role-Based Actions" extension which is integrated in the nightly build of Struts. This feature enables you to declare the security role for each Struts Action as part of the struts-config.xml file. You do not want a separate web-resource constraint for every role in the web.xml because this would be very hard to maintain. The controller servlet of Struts checks if the user has the roles as declared within struts-config.xml.

Now I only have a protected resource for my login page, which uses j_security_check, and this works well. After successful login the controller servlet checks the security roles (using the request.getUserPrincipal() method) and access is granted. Now I forward or navigate to a web resource which does not have a security constraint in web.xml. At this moment the same method request.getUserPrincipal returns NULL while the user is still logged in. When I navigate to a protected resource I again have the correct identity and roles!!!!

I really don't understand this behaviour and I am not sure if it is JBoss or Tomcat/Jetty who is acting this way. I have spent quite some time on this and still haven't found a workaround! Is there anyone who can help me with this? Is there a workaround which could/should work!!!

Thanks for your help,
Erwin Teseling