I use WebSphere Application Server and a form based authentication for user login to my Web Application.
In order to check authorization of the user i need to use filter for JSP pages and Servlets. For now I can insert the username into session object and in my filter i check the authorization with the username in the session.
I want to do it by using the HttpServletRequest getRemoteUser() or getUserPrincipal() methods, but Filter interface's doFilter() method takes ServletRequest object as parameter, and ServletRequest object doesnot have getRemoteUser() and getUserPrincipal() methods when i cast ServletRequest to HttpServletRequest, methods return empty values.
I also tried to take the Caller Subject from current thread but user seems unauthenticated in Filter.
Mustafa VAR<br />Computer Engineer
posted 10 years ago
ok it is solved
filtered pages have to be defined in secure resources to use methods like getRemoteUser() etc.