It seems that request.getUserPrincipal() will return a non-null value only
when you request a protected resource secured by <security-constraint> in
web.xml, even if the user who sent the request has been authenticated.

----- Original Message ----- 
From: "Luis Gervaso" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <user@struts.apache.org>; "Tomcat Users
List" <users@tomcat.apache.org>
Sent: Saturday, January 28, 2006 2:18 AM
Subject: Authentication crisis


Hello

I need to know how to put the subject information returned by lc.login() in
the webapp context in order to invoke getUserPrincipal and not have it return
null

LoginServlet.java

protected void doPost(HttpServletRequest req, HttpServletResponse res)
        throws ServletException, IOException {

        String username = req.getParameter("j_username");
        String password = req.getParameter("j_password");
        String host  = req.getHeader("Host");
        MyCallbackHandler cbh = new MyCallbackHandler(username,password,host);
        // session that will hold the authenticated JAAS Subject
        HttpSession ses = req.getSession();
        try {
            // authenticate against the "websecure" JAAS configuration entry
            LoginContext lc = new LoginContext("websecure",cbh);
            lc.login();
            Subject s = lc.getSubject();
            log.info(s.getPrincipals().toString());
            ses.setAttribute("authcs.subject",lc.getSubject());
            //log.info(req.getUserPrincipal().getName());
            RequestDispatcher rd = req.getRequestDispatcher("test.jsp");
            rd.forward(req,res);

        } catch (LoginException e) {
            e.printStackTrace();
            //log.warning(e.getMessage());
        }
    }


source: test.jsp
<%
    out.println("User: " + request.getParameter("user") + "<br>");
    out.println("Pass (clear): " + request.getParameter("pass") + "<br>");
    out.println("User Principal: " + request.getUserPrincipal() + "<br>");
    out.println("Remote User: " + request.getRemoteUser());
%>

output : test.jsp
User: null
Pass (clear): null
User Principal: null
Remote User: null

--
Regards
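
An added example, not code from either poster: a servlet filter that wraps each request so getUserPrincipal() and getRemoteUser() report the principal of the Subject that LoginServlet stored under "authcs.subject". The class name SubjectPrincipalFilter and the choice of the first principal in the Subject are assumptions.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

// Hypothetical filter (added example). The container only sets the user
// principal for its own login mechanisms, so a Subject obtained through a
// programmatic LoginContext.login() has to be surfaced by the application.
public class SubjectPrincipalFilter implements Filter {

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        // getSession(false): do not create sessions for anonymous requests
        HttpSession ses = req.getSession(false);
        Object attr = (ses == null) ? null : ses.getAttribute("authcs.subject");

        // Only step in when the container has no principal of its own
        if (req.getUserPrincipal() == null && attr instanceof Subject) {
            Iterator<Principal> it = ((Subject) attr).getPrincipals().iterator();
            if (it.hasNext()) {
                // Assumption: the login module adds the user principal first
                final Principal p = it.next();
                req = new HttpServletRequestWrapper(req) {
                    public Principal getUserPrincipal() { return p; }
                    public String getRemoteUser() { return p.getName(); }
                };
            }
        }
        chain.doFilter(req, rs);
    }
}
```

For the forward to test.jsp to pass through the filter, its filter-mapping in web.xml needs the FORWARD dispatcher as well as REQUEST. The wrapper does not change isUserInRole() or the container's security-constraint checks, so authorization decisions still have to be made against the Subject in application code.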

