yes there is an entry in web.xml - security-constraint
and the user is authenticated using doPost() method of LoginServlet
regards
2006/1/30, deepak <[EMAIL PROTECTED]>:
>
> It seems that the request.getUserPrincipal() will return non-null value
> only
> when you request the protected resource secured by <security-constraint >
> in
> web.xml even if the user sent the request has been authenticated.
>
> ----- Original Message -----
> From: "Luis Gervaso" <[EMAIL PROTECTED]>
> To: "Struts Users Mailing List" <user@struts.apache.org>; "Tomcat Users
> List" <users@tomcat.apache.org>
> Sent: Saturday, January 28, 2006 2:18 AM
> Subject: Authentication crisis
>
>
> Hello
>
> I need how to put subject information returned of lc.login() in webapp
> context
> int order to invoke getUserPrincipal and not retur null
>
> LoginServlet.java
>
> protected void doPost(HttpServletRequest req, HttpServletResponse res)
> throws ServletException, IOException {
>
> String username = req.getParameter("j_username");
> String password = req.getParameter("j_password");
> String host = req.getHeader("Host");
> MyCallbackHandler cbh = new
> MyCallbackHandler(username,password,host);
> try {
> LoginContext lc = new LoginContext("websecure",cbh);
> lc.login();
> Subject s = lc.getSubject();
> log.info(s.getPrincipals().toString());
> ses.setAttribute("authcs.subject",lc.getSubject());
> //log.info(req.getUserPrincipal().getName());
> RequestDispatcher rd = req.getRequestDispatcher("test.jsp");
> rd.forward(req,res);
>
> } catch (LoginException e) {
> e.printStackTrace();
> //log.warning(e.getMessage());
> }
> }
>
>
> source: test.jsp
> <%
> out.println("User: " + request.getParameter("user") + "<br>");
> out.println("Pass (clear): " + request.getParameter("pass") + "<br>");
> out.println("User Principal: " + request.getUserPrincipal() + "<br>");
> out.println("Remote User: " + request.getRemoteUser());
> %>
>
> output : test.jsp
> User: null
> Pass (clear): null
> User Principal: null
> Remote User: null
>
> --
> Un saludo
>
>
> ------------------------------DISCLAIMER------------------------------
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
>
> If you receive this message in error, please immediately delete it and
> all copies of it from your system, destroy any hard copies of it and
> notify the sender. You must not, directly or indirectly, use, disclose,
> distribute, print, or copy any part of this message if you are not the
> intended recipient.
>
> Lisle Technology Partners Pvt. Ltd. and any of its subsidiaries each
> reserve the right to monitor all e-mail communications through its
> networks.
>
> Any views expressed in this message are those of the
> individual sender, except where the message states otherwise and the
> sender is authorized to state them to be the views of any such entity.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
Un saludo
