This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Security and the fly likes Cannot take userPrincipal in JSP Filter Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Cannot take userPrincipal in JSP Filter" Watch "Cannot take userPrincipal in JSP Filter" New topic
Author

Cannot take userPrincipal in JSP Filter

Mustafa Var
Greenhorn

Joined: Mar 28, 2006
Posts: 8
Hello,

I use WebSphere Application Server and a form based
authentication for user login to my Web Application.

In order to check authorization of the user i need to
use filter for JSP pages and Servlets.
For now I can insert the username into session object
and in my filter i check the authorization with the
username in the session.

I want to do it by using the HttpServletRequest getRemoteUser()
or getUserPrincipal() methods, but Filter interface's doFilter()
method takes ServletRequest object as parameter, and ServletRequest
object doesnot have getRemoteUser() and getUserPrincipal() methods
when i cast ServletRequest to HttpServletRequest, methods return
empty values.

I also tried to take the Caller Subject from current thread but
user seems unauthenticated in Filter.

Thanks.


Mustafa VAR<br />Computer Engineer
Mustafa Var
Greenhorn

Joined: Mar 28, 2006
Posts: 8
ok it is solved

solution:

filtered pages have to be defined in secure resources
to use methods like getRemoteUser() etc.
 
Consider Paul's rocket mass heater.
 
subject: Cannot take userPrincipal in JSP Filter