I think Carlos was the only individual that helped you out on this item... -M ----- Original Message ----- From: "Rustad, Aaron" <[EMAIL PROTECTED]> To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]> Sent: Saturday, October 18, 2003 12:55 PM Subject: RE: Strange Security Problem
> OK, I figured it out. In my web.xml, I had defined a security constraint to > only apply to GET requests. Apparently (with Tomcat anyway), > request.getUserPrincipal() will always return null if the resource is not > part of security constraint. So, since GET was part of the constraint, > getPrincipal would return a valid object, POST returned NULL. > > Thanks for your help (if you intended to help)!~ > AR. > > -----Original Message----- > From: Rustad, Aaron > Sent: October 18, 2003 9:40 AM > To: '[EMAIL PROTECTED]' > Subject: Strange Security Problem > > > I am encountering a strange security problem when trying to submit a form to > an action. This JSP is as follows: > > <%= request.getUserPrincipal().getName() %> > <form action="/edm/ebb/upload.do" method="POST"> > <table width="75%" border="1"> > <tr> > <td><bean:message key="upload.from"/></td> > <td><input type="text" name="from"/></td> > </tr> > <tr> > <td><bean:message key="upload.to"/></td> > <td><input type="text" name="to"/></td> > </tr> > <tr> > <td><bean:message key="upload.version"/></td> > <td><input type="text" name="version"/></td> > </tr> > <tr> > <td><bean:message key="upload.file"/></td> > <td><input type="file" name="input-data"></td> > </tr> > </table> > <input type="submit" value="Submit"/> > </form> > <html:link forward="ups">upload</html:link> > > The strange thing is this: > > When this page is loaded, and I am ligitimatly logged in, the name of the > UserPrincipal is displayed as it should be. However, if I submit the form, > the appropriate action class is called, but when I invoke > request.getUserPrincipal()...it returns null. Notice the last line of the > HTML, it has a link that points to the same action class...when it is > clicked, the principal is propogated to action and it is NOT null. > > Can anyone help me out with this? I would like the post to work correctly. > > Thanks! > Aaron. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
