You are mistaken Carlos....getUserPrincipal() is part of the Servlet Specifications...it should be the Application Server that is fulfilling this request.
AR.

-----Original Message-----
From: Carlos Sánchez [mailto:[EMAIL PROTECTED]
Sent: October 18, 2003 10:20 AM
To: 'Struts Users Mailing List'
Subject: RE: Strange Security Problem

If you want the user name stored in the request (bad idea) it must be sent in the form using a hidden field. You should store it in the session.

Only submitted form fields will be in the request.

> -----Original Message-----
> From: Rustad, Aaron [mailto:[EMAIL PROTECTED]
> Sent: Saturday, October 18, 2003 17:40
> To: '[EMAIL PROTECTED]'
> Subject: Strange Security Problem
>
>
> I am encountering a strange security problem when trying to
> submit a form to an action. This JSP is as follows:
>
> <%= request.getUserPrincipal().getName() %>
> <form action="/edm/ebb/upload.do" method="POST">
>   <table width="75%" border="1">
>     <tr>
>       <td><bean:message key="upload.from"/></td>
>       <td><input type="text" name="from"/></td>
>     </tr>
>     <tr>
>       <td><bean:message key="upload.to"/></td>
>       <td><input type="text" name="to"/></td>
>     </tr>
>     <tr>
>       <td><bean:message key="upload.version"/></td>
>       <td><input type="text" name="version"/></td>
>     </tr>
>     <tr>
>       <td><bean:message key="upload.file"/></td>
>       <td><input type="file" name="input-data"></td>
>     </tr>
>   </table>
>   <input type="submit" value="Submit"/>
> </form>
> <html:link forward="ups">upload</html:link>
>
> The strange thing is this:
>
> When this page is loaded, and I am legitimately logged in, the
> name of the UserPrincipal is displayed as it should be.
> However, if I submit the form, the appropriate action class
> is called, but when I invoke request.getUserPrincipal()...it
> returns null. Notice the last line of the HTML, it has a link
> that points to the same action class...when it is clicked,
> the principal is propagated to action and it is NOT null.
>
> Can anyone help me out with this? I would like the post to
> work correctly.
>
> Thanks!
> Aaron.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

