File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Cannot take userPrincipal in JSP Filter Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Cannot take userPrincipal in JSP Filter" Watch "Cannot take userPrincipal in JSP Filter" New topic
Author

Cannot take userPrincipal in JSP Filter

Mustafa Var
Greenhorn

Joined: Mar 28, 2006
Posts: 8
Hello,

I use WebSphere Application Server and a form based
authentication for user login to my Web Application.

In order to check authorization of the user i need to
use filter for JSP pages and Servlets.
For now I can insert the username into session object
and in my filter i check the authorization with the
username in the session.

I want to do it by using the HttpServletRequest getRemoteUser()
or getUserPrincipal() methods, but Filter interface's doFilter()
method takes ServletRequest object as parameter, and ServletRequest
object doesnot have getRemoteUser() and getUserPrincipal() methods
when i cast ServletRequest to HttpServletRequest, methods return
empty values.

I also tried to take the Caller Subject from current thread but
user seems unauthenticated in Filter.

Thanks.


Mustafa VAR<br />Computer Engineer
Mustafa Var
Greenhorn

Joined: Mar 28, 2006
Posts: 8
ok it is solved

solution:

filtered pages have to be defined in secure resources
to use methods like getRemoteUser() etc.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Cannot take userPrincipal in JSP Filter
 
Similar Threads
difference between HttpServletRequest's getUserPrincipal and getRemoteUser
Authentication and Authorization Problems with IIS 6 and Jrun 4
jsp page is processed by valid user or not
http authentication
Cannot take userPrincipal in JSP Filter